Radar
A personal hobby project. Radar aggregates security advisories from CISA and Zero Day Initiative and adds short editorial highlights on what I find notable from a European infrastructure perspective — not a threat-intel service, not exhaustive, just what catches my eye.
-
Silex Technology SD-330AC and AMC Manager
Multiple vulnerabilities across two Silex products include authentication bypass and code execution risks. The advisory notes a known-affected status but lacks specific remediation details.
Read more → -
Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary
The advisory specifies that this privilege escalation vulnerability affects User Administrators who can administer their own groups. The product is deployed worldwide in critical manufacturing sectors.
Read more → -
Siemens TPM 2.0
The vulnerability affects multiple Siemens industrial computing products with TPM 2.0 modules. Fixed versions are available for some products while others remain under investigation.
Read more → -
SenseLive X3050
Vendor did not respond to coordination requests. Ten distinct CVEs affect a single firmware version.
Read more → -
Siemens Analytics Toolkit
The advisory notes that the same vulnerability (CVE-2025-40745) affects multiple Siemens engineering applications through the Analytics Toolkit. Updates are available for each affected product, with specific version targets provided.
Read more → -
Siemens SCALANCE
Siemens SCALANCE W-700 IEEE 802.11n devices have multiple vulnerabilities affecting versions before 6.6.0. The advisory includes a long list of CVEs spanning several years.
Read more → -
Hardy Barth Salia EV Charge Controller
The vendor did not respond to CISA's coordination request. Exploit for the firmware upload vulnerability has been publicly disclosed.
Read more → -
Siemens SINEC NMS
The advisory notes that this vulnerability affects critical manufacturing infrastructure. The issue is an authentication bypass in the User Management Component (UMC) due to insufficient identity validation.
Read more → -
Zero Motorcycles Firmware
Zero Motorcycles firmware allows unauthorized Bluetooth pairing when the vehicle is in pairing mode. This enables firmware manipulation by nearby attackers.
Read more → -
Siemens SINEC NMS
An authenticated attacker can reset any user's password in SINEC NMS by bypassing authorization checks. The advisory notes deployment in critical manufacturing environments worldwide.
Read more → -
Siemens Industrial Edge Management
The advisory notes that exploitation requires the remote connection feature to be enabled on a device and knowledge of the specific header and port used for connections. This may indicate that disabling the feature entirely could serve as an interim mitigation.
Read more → -
Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)
The vulnerability originates from an SQLite dependency in Siemens industrial controllers. This affects versions below 5.8 and enables both code execution and denial of service.
Read more → -
ZDI-26-295: (0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability
The vulnerability allows unauthenticated remote attackers to disclose sensitive information via SSRF. The advisory notes a CVSS rating of 8.2.
Read more → -
ZDI-26-294: (0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability
The vulnerability requires user interaction through viewing a folder with malicious content, which may limit exposure to network-adjacent attackers.
Read more → -
ZDI-26-293: (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability
A Microsoft Office URI handler vulnerability enables remote disclosure of NTLM responses. Exploitation requires user interaction via a malicious page or file.
Read more → -
ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
This is an unauthenticated command injection vulnerability in AWS CLI's MCP server. It carries a CVSS score of 9.8 and is marked as a 0-day.
Read more → -
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
The addition of multiple vulnerabilities in Cisco Catalyst SD-WAN Manager suggests repeated security flaws in a network management platform used for wide-area orchestration.
Read more → -
Supply Chain Compromise Impacts Axios Node Package Manager
The advisory describes a supply chain attack that injected a malicious dependency into two specific Axios npm versions. The attack downloads multi-stage payloads including a remote access trojan.
Read more → -
AVEVA Pipeline Simulation
An unauthenticated attacker can escalate to administrative roles in AVEVA Pipeline Simulation by exploiting a missing authorization check. The vulnerability affects simulation parameters, training configuration, and training records.
Read more → -
Delta Electronics ASDA-Soft
The vulnerability is triggered by parsing a malformed .par file in ASDA-Soft. The advisory explicitly states the product is used in critical manufacturing sectors.
Read more → -
Horner Automation Cscape and XL4, XL7 PLC
Horner Automation PLCs have weak password requirements allowing network-based brute force attacks. The vendor has released updates for Cscape software and PLC firmware.
Read more → -
Anviz Multiple Products
Anviz access control devices are vulnerable to unauthenticated photo capture via front-facing camera. Multiple CVEs affect all versions across three product lines with no patches mentioned.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-34197 is an improper input validation issue in Apache ActiveMQ that is already seeing active exploitation.
Read more → -
ZDI-26-292: QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability
The vulnerability affects QNAP TS-453E devices running QVRPro's excpostgres service and can be exploited without authentication.
Read more → -
ZDI-26-291: NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability affects NI LabVIEW during LVCLASS file parsing, leading to memory corruption.
Read more → -
ZDI-26-290: NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability stems from memory corruption during LVLIB file parsing in NI LabVIEW, requiring user interaction for exploitation.
Read more → -
ZDI-26-289: Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability
This vulnerability requires prior high-privileged code execution on the target system. The ETS scheduler race condition allows local privilege escalation.
Read more → -
ZDI-26-288: DriveLock Directory Traversal Information Disclosure Vulnerability
The vulnerability requires authentication and allows remote attackers to disclose sensitive information via a directory traversal flaw in DriveLock.
Read more → -
ZDI-26-287: DriveLock Directory Traversal Information Disclosure Vulnerability
The vulnerability enables remote information disclosure without requiring authentication, affecting DriveLock installations.
Read more → -
ZDI-26-286: DriveLock SQL Injection Privilege Escalation Vulnerability
Authentication is required to exploit this SQL injection vulnerability in DriveLock, which could lead to privilege escalation.
Read more → -
ZDI-26-285: DriveLock Directory Traversal Information Disclosure Vulnerability
The vulnerability permits unauthenticated remote attackers to disclose sensitive information via a directory traversal issue in DriveLock.
Read more → -
ZDI-26-284: DriveLock Directory Traversal Information Disclosure Vulnerability
DriveLock directory traversal vulnerability allows unauthenticated remote information disclosure. CVSS 7.5 assigned to CVE-2026-5487.
Read more → -
ZDI-26-283: GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability requires interaction with the GStreamer library but specific attack vectors depend on implementation. A CVSS rating of 7.8 has been assigned.
Read more → -
ZDI-26-282: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability is a heap-based buffer overflow in GIMP's HDR file parsing, requiring user interaction to trigger.
Read more → -
ZDI-26-281: Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability affects Microsoft's vcpkg OpenSSL port, enabling local privilege escalation.
Read more → -
ZDI-26-280: (Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability allows network-adjacent attackers to execute arbitrary code without authentication. It was demonstrated at Pwn2Own 2026 and carries a CVSS score of 8.8.
Read more → -
ZDI-26-279: Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability
The vulnerability requires user interaction through visiting a malicious page or opening a malicious file. A CVSS rating of 7.5 is assigned.
Read more → -
ZDI-26-278: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
The vulnerability requires a local attacker to already have code execution on the target system. The advisory assigns a CVSS score of 7.8.
Read more → -
ZDI-26-277: Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability
The vulnerability requires local code execution prior to exploitation.
Read more → -
ZDI-26-276: Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability
This vulnerability targets the Windows Secure Kernel and requires local high-privileged code execution to exploit. The ZDI assigned a CVSS score of 7.5.
Read more → -
ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability
Network-adjacent attackers can execute arbitrary code without authentication. The CVSS rating assigned is 8.8.
Read more → -
ZDI-26-274: Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability requires user interaction via a malicious page or file. It has a CVSS rating of 7.8.
Read more → -
ZDI-26-273: Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability
The vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file, to trigger remote code execution via deserialization of untrusted data.
Read more → -
ZDI-26-272: ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability
The vulnerability affects ATEN Unizon's RpcProvider component and can be exploited without authentication to trigger a denial-of-service condition.
Read more → -
ZDI-26-271: Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability
The vulnerability requires prior local code execution to escalate privileges. The advisory notes a CVSS score of 7.8 for this local privilege escalation.
Read more → -
ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
The vulnerability permits remote code execution without authentication via a directory traversal issue in the Apex One Console.
Read more → -
ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
The vulnerability permits unauthenticated remote attackers to execute arbitrary code on Trend Micro Apex One via directory traversal.
Read more → -
ZDI-26-268: Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
The vulnerability stems from incorrect default permissions in Samsung MagicINFO 9 Server, enabling local privilege escalation.
Read more → -
ZDI-26-267: Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability requires local execution to escalate privileges. The CVSS rating of 7.8 indicates high severity for local privilege escalation.
Read more → -
ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability requires authentication for exploitation. The ZDI assigned a CVSS rating of 8.8.
Read more → -
ZDI-26-265: Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability
Authentication is required to exploit this denial-of-service vulnerability in Fortinet FortiWeb.
Read more → -
ZDI-26-264: Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability
The vulnerability allows remote attackers to disclose sensitive information without authentication. The ZDI has assigned a CVSS rating of 7.5.
Read more → -
ZDI-26-263: Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability
The vulnerability allows authentication bypass without requiring authentication to exploit. The ZDI has assigned a CVSS rating of 6.5.
Read more → -
ZDI-26-262: Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability
The advisory notes authentication is required but can be bypassed, which may expand the pool of potential attackers despite the access control requirement.
Read more → -
ZDI-26-261: (0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability
The vulnerability requires prior container escape to the Hyper-V VM for exploitation. The advisory assigns a CVSS score of 7.5.
Read more → -
ZDI-26-260: (0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability
The vulnerability requires escaping a container and executing code in the Docker Hyper-V VM to escalate privileges.
Read more → -
ZDI-26-259: (0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Local privilege escalation vulnerability in Docker Desktop for Windows requires escaping the container first. The ZDI assigned a CVSS score of 7.8.
Read more → -
ZDI-26-258: (0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of high-privileged container code to exploit. The advisory assigns a CVSS rating of 8.2.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2009-0238, a remote code execution vulnerability in Microsoft Office, has been added to the KEV Catalog despite its 2009 publication date, indicating ongoing exploitation potential.
Read more → -
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
The advisory adds a 2012-era Visual Basic for Applications vulnerability back into active exploitation focus, suggesting long-dormant attack methods may still pose current risk.
Read more → -
Contemporary Controls BASC 20T
The advisory notes that the affected BASC 20T is an obsolete product. Exploitation could allow complete control via forged network packets.
Read more → -
GPL Odorizers GPL750
The advisory indicates that low-privileged remote attackers can manipulate odorant injection logic via Modbus packets. This may affect gas line safety by causing improper odorant levels.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-1340 is a code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that CISA has added to the KEV Catalog due to evidence of active exploitation.
Read more → -
Mitsubishi Electric GENESIS64 and ICONICS Suite products
SQL Server credentials stored in plaintext when local SQLite caching is enabled with SQL authentication. Affects multiple Mitsubishi Electric industrial software suites.
Read more → -
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Iranian-affiliated actors are targeting internet-facing PLCs to manipulate HMI/SCADA displays and cause operational disruption. The advisory specifies Rockwell Automation/Allen-Bradley PLCs are known targets, but notes potentially other brands may be affected.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-35616 is an improper access control vulnerability in Fortinet FortiClient EMS, now listed in CISA's KEV Catalog due to observed active exploitation.
Read more → -
ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability is triggered by parsing a malicious PDSPRJ file, leading to an out-of-bounds write condition.
Read more → -
ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
An out-of-bounds write vulnerability exists in Labcenter Electronics Proteus PDSPRJ file parsing. Remote code execution requires user interaction via a malicious file or page.
Read more → -
ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability requires user interaction through opening a malicious file or visiting a malicious page. The assigned CVSS score of 7.8 indicates a high-severity issue.
Read more → -
ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
A type confusion vulnerability exists in the parsing of PDSPRJ files in Labcenter Electronics Proteus, which could lead to remote code execution if a user opens a malicious file.
Read more → -
Siemens SICAM 8 Products
Multiple SICAM 8 products are affected by denial-of-service vulnerabilities triggered by high-volume requests. Siemens has released firmware version 26.10 to address these issues.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability involves a download of code without integrity check in TrueConf Client, which could allow unauthorized code execution if exploited.
Read more → -
Yokogawa CENTUM VP
The vulnerability allows login as the PROG user with hardcoded credentials. Exploitation requires prior access to the HIS screen controls.
Read more → -
ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
The vulnerability requires a user to open a malicious project to trigger command injection via mcp.json in Visual Studio Code.
Read more → -
ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
The vulnerability stems from a type confusion in Firefox's IonMonkey switch statement optimization, which could be triggered by visiting a malicious page.
Read more → -
ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability stems from an uncontrolled search path element in the Foxit PDF Reader update service, which can be exploited by local attackers to escalate privileges.
Read more → -
ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability
This vulnerability requires local execution with high privileges to exploit. The advisory specifies a CVSS score of 8.2.
Read more → -
ZDI-26-249: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability stems from an uncontrolled search path element in NoMachine, which could allow local privilege escalation if exploited.
Read more → -
ZDI-26-248: NoMachine External Control of File Path Local Privilege Escalation Vulnerability
The vulnerability involves external control of file paths in NoMachine, potentially allowing local privilege escalation.
Read more → -
ZDI-26-247: NoMachine External Control of File Path Arbitrary File Deletion Vulnerability
The vulnerability requires local code execution for exploitation. The advisory assigns a CVSS score of 7.1.
Read more → -
ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability
The vulnerability permits unauthenticated remote code execution with a CVSS score of 9.8. The assigned CVE is CVE-2026-5058.
Read more → -
ZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability
The vulnerability enables network-adjacent attackers to bypass authentication on QNAP QHora-322 routers without requiring credentials.
Read more → -
ZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
The vulnerability affects QNAP TS-453E devices and involves external control of a file path via the write_file_to_svr function, potentially allowing remote code execution.
Read more → -
ZDI-26-242: (Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
The vulnerability involves an information disclosure in the server_handlers.pyc rr2s.kwargs component of QNAP TS-453E devices, where authentication can be bypassed despite being nominally required.
Read more → -
ZDI-26-241: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability
The vulnerability involves a SQL injection in the qvpn_db_mgr component that can be exploited remotely after bypassing authentication.
Read more → -
ZDI-26-240: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
The advisory notes that authentication is required to exploit the vulnerability, yet the authentication mechanism can be bypassed, which may indicate a flaw in how role_type input is validated during the authentication process.
Read more → -
ZDI-26-239: (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
The vulnerability enables remote authentication bypass on QNAP QHora-322 routers without requiring prior authentication.
Read more → -
ZDI-26-238: Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability
The vulnerability is a use-after-free in the Linux Kernel AoE driver that can be exploited by local attackers to escalate privileges.
Read more → -
ZDI-26-237: (Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
The advisory notes a firewall bypass vulnerability in the QNAP QHora-322 router due to improper restriction of a communication channel.
Read more → -
ZDI-26-236: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
DASYLab DSB file parsing contains an out-of-bounds write vulnerability. Exploitation requires user interaction via a malicious file or page.
Read more → -
ZDI-26-235: Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability involves an out-of-bounds write during DSA file parsing in Digilent DASYLab, requiring user interaction for exploitation.
Read more → -
ZDI-26-234: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
The vulnerability requires user interaction through opening a malicious file or visiting a malicious page. A CVSS score of 7.8 is assigned.
Read more → -
ZDI-26-233: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
The vulnerability is triggered by parsing a malicious DSA file, leading to an out-of-bounds read in Digilent DASYLab.
Read more → -
ZDI-26-232: (Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
The vulnerability is an integer overflow in the vmwgfx driver, which is part of the Red Hat Enterprise Linux kernel graphics subsystem.
Read more → -
ZDI-26-231: Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability
The vulnerability requires a local attacker with low-privileged code execution to disclose sensitive information. It affects Apple macOS installations with a CVSS rating of 3.8.
Read more → -
ZDI-26-230: Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability is an out-of-bounds write in the CoreMedia framework requiring user interaction for remote code execution.
Read more → -
ZDI-26-229: OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
The vulnerability requires user interaction during an OAuth authorization flow to disclose stored credentials.
Read more → -
ZDI-26-228: OpenClaw Canvas Authentication Bypass Vulnerability
The advisory notes that authentication is not required to exploit the vulnerability, indicating potential for unauthenticated remote access.
Read more → -
ZDI-26-227: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
The vulnerability requires authentication to exploit and could lead to information disclosure via path traversal in OpenClaw.
Read more → -
ZDI-26-226: (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
The vulnerability allows unauthenticated remote code execution in Microsoft Azure MCP AzureCliService with a CVSS rating of 9.8.
Read more →