Tagged: Cybersecurity Alert

Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. More information : https://azure-access.com/security-advisories

Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. More information : https://azure-access.com/security-advisories

Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device. More information :...

The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed. More information : https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0005.pdf

When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality. More information : https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0006.pdf

On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights. More information : https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0007.pdf

Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. More information : https://azure-access.com/security-advisories

By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability...

The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol. More information : https://cds.thalesgroup.com/es/s21sec

A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0 allows attackers to execute arbitrary code in the context of a user’s browser via injecting a crafted payload into the...

Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can...

The equipment initially can be configured using the manufacturer’s application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer’s software, the device can be configured via UDP. Analyzing this...

The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This...

Denial of service of the web server through specific requests to this protocol More information : https://cds.thalesgroup.com/es/s21sec