Category: All CISA Advisories

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-1731 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution. The following versions of Airleader Master are affected: Airleader Master <=6.381 (CVE-2026-1358) CVSS Vendor Equipment Vulnerabilities v3 9.8 Airleader GmbH Airleader Master Unrestricted…

Read more →

View CSAF Summary Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions…

Read more →

View CSAF Summary Solid Edge uses PS/IGES Parasolid Translator Component that contains an out of bounds read that could be triggered when the application reads files in IGS file formats. If a user is tricked to open a malicious file…

Read more →

View CSAF Summary The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to Webhooks API. Siemens has released new versions for the affected products…

Read more →

View CSAF Summary Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow an low privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for…

Read more →

CISA released the guidance, Barriers to Secure OT Communication: Why Johnny Can’t Authenticate, which highlights the known issues with insecure-by-design legacy industrial protocols and seeks to understand why the technology to secure these protocols is not widely adopted. CISA developed…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. The following versions of ZOLL ePCR IOS Mobile Application are affected: ePCR IOS Mobile Application 2.6.7…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could result in an unauthorized access to the proxy server. The following versions of AVEVA PI to CONNECT Agent are affected: PI to CONNECT Agent <=v2.4.2520 (CVE-2026-1495) CVSS Vendor Equipment Vulnerabilities v3…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could result in a denial-of-service condition. The following versions of AVEVA PI Data Archive are affected: PI Data Archive PI Server <=2018_SP3_Patch_7 (CVE-2026-1507) PI Data Archive PI Server 2023 (CVE-2026-1507) PI Data…

Read more →

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to redirected users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform other various attacks. The following versions of Yokogawa…

Read more →

The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team (CERT Polska’s) Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders.  In December 2025, a malicious cyber actor(s) targeted…

Read more →

View CSAF Summary Hitachi Energy is aware of a vulnerability that affects XMC20 product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product.…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition and memory corruption. The following versions of o6 Automation GmbH Open62541 are affected: Open62541 >=1.5-rc1|<1.5-rc2 (CVE-2026-1301) CVSS Vendor Equipment Vulnerabilities v3 5.7 o6…

Read more →

View CSAF Summary Hitachi Energy is aware of a vulnerability that affects FOX61x product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product.…

Read more →

View CSAF Summary Successful exploitation of this vulnerability may allow an attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial-of-service condition on the…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could result in unauthorized users gaining administrative access to affected closed circuit television cameras. The following versions of TP-Link Systems Inc. VIGI Series IP Camera are affected: VIGI Cx45 Series Models C345,…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to, modify, delete, or destroy information stored on the system where the affected product is installed, or cause a denial-of-service condition on the affected…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could result in an unauthenticated attacker creating a denial-of-service condition. The following versions of RISS SRL MOMA Seismic Station are affected: MOMA Seismic Station <=v2.4.2520 (CVE-2026-1632) CVSS Vendor Equipment Vulnerabilities v3 9.1…

Read more →

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to take full control of the device. The following versions of Avation Light Engine Pro are affected: Light Engine Pro vers:all/* (CVE-2026-1341) CVSS Vendor Equipment Vulnerabilities v3 9.8…

Read more →