CVE-2026-8047
- EPSS 0.45%
- Veröffentlicht 26.05.2026 06:49:54
- Zuletzt bearbeitet 26.05.2026 20:00:24
The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on t...
CVE-2026-8046
- EPSS 0.35%
- Veröffentlicht 26.05.2026 06:45:21
- Zuletzt bearbeitet 26.05.2026 20:00:24
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
CVE-2026-3509
- EPSS 0.35%
- Veröffentlicht 24.03.2026 07:42:33
- Zuletzt bearbeitet 24.03.2026 15:53:48
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
CVE-2025-41660
- EPSS 0.43%
- Veröffentlicht 24.03.2026 07:41:43
- Zuletzt bearbeitet 24.03.2026 15:53:48
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
CVE-2025-41738
- EPSS 0.34%
- Veröffentlicht 01.12.2025 10:02:33
- Zuletzt bearbeitet 23.02.2026 15:42:30
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.