2026-04-10 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2024-1490 | WAGO - CC100 (0751-9x01); WAGO - PFC100 G1 (0750-810-xxxx-xxxx); WAGO - PFC100 G2 (0750-811x-xxxx-xxxx); WAGO - PFC200 G1 (750-820x-xxxx-xxxx); WAGO - PFC200 G2 (750-821x-xxxx-xxxx); WAGO - TP600 (0762-420x-8000-000x); WAGO - TP600 (0762-430x-8000-000x); WAGO - TP600 (0762-520x-8000-000x); WAGO - TP600 (0762-530x-8000-000x); WAGO - TP600 (0762-620x-8000-000x); WAGO - TP600 (0762-630x-8000-000x); WAGO - Edge Controller (0752-8303-8000-0002); WAGO - WP400 (0762-340x) | An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device. | CVSS3.1: 7.2 - HIGH | 0 1 | Exploitation: none; Automatable: no; Technical Impact: total | Wago: Vulnerability in WBM through Open VPN | github |
| CVE-2025-45806 | n/a - n/a | A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | CNA: n/a; CVSS3.1: 6.1 - MEDIUM | 0 1 2 | Exploitation: poc; Automatable: no; Technical Impact: partial | n/a | github |
| CVE-2025-12664 | GitLab - GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries. | CVSS3.1: 7.5 - HIGH | 0 1 2 | Exploitation: none; Automatable: yes; Technical Impact: partial | Improper Validation of Specified Quantity in Input in GitLab | github |
This post is licensed under CC BY 4.0 by the author.