Radar
A personal hobby project. Radar aggregates security advisories from CISA, Zero Day Initiative and CERT-EU and adds short editorial highlights on what I find notable from a European infrastructure perspective — not a threat-intel service, not exhaustive, just what catches my eye.
-
CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred…
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability allows total control of affected systems post-exploitation and is already being actively exploited.
Read more → -
AVer PTC cameras
The advisory states that all versions of the affected AVer PTC camera models are vulnerable to arbitrary code execution via a crafted web request.
Read more → -
Mitsubishi Electric MELSEC iQ-F Series
The affected module may enter a denial-of-service state due to improper handling of rapid TCP connections, leading to memory access issues.
Read more → -
AzeoTech DAQFactory
The advisory states that loading untrusted .ctl files in AzeoTech DAQFactory <=21.1 may lead to arbitrary code execution due to a type confusion vulnerability.
Read more → -
Schneider Electric EasyLogic T150 and Saitel DP
View CSAF Summary Successful exploitation this vulnerability could allow an attacker to gain unauthorized access to sensitive files The following versions of Schneider Electric EasyLogic T150 and Saitel DP are…
Read more → -
Rockwell Automation FactoryTalk Historian Site Edition
The advisory identifies a race condition that could allow attackers to obtain a valid authentication token by repeatedly sending requests to the login endpoint.
Read more → -
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
The device transmits sensitive health data in cleartext over Bluetooth, exposing glucose measurements to interception by nearby attackers.
Read more → -
Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module
The advisory states that all versions of the FX5-ENET/IP module are affected by a DoS vulnerability due to excessive packet processing. No fix is planned for this product.
Read more → -
Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products
View CSAF Summary Schneider Electric is aware of vulnerabilities in its PowerChute™ Serial Shutdown product. The [PowerChute Serial Shutdown](https://www.se.com/ww/en/product-range/137943580-powerchute-serial-shutdown/#…
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The vulnerability allows improper access control in the Widget Factory Joomla Content Editor, potentially enabling full system control post-exploitation.
Read more → -
Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP
Devices with less memory are more likely to experience a major nonrecoverable fault when a crafted CIP message is sent.
Read more → -
Rockwell Automation RSLinx
The advisory states that exploitation can cause a denial of service where the application becomes unresponsive and does not recover automatically.
Read more → -
Rockwell Automation FLEX I/O EtherNet/IP Adapters
The advisory states that exploitation could lead to unauthorized access and loss of availability due to memory handling and authentication flaws in specific FLEX I/O adapter versions.
Read more → -
Rockwell Automation FactoryTalk Analytics PavilionX
The advisory states that affected versions of FactoryTalk Analytics PavilionX lack proper authorization controls on API endpoints, potentially allowing unauthenticated attackers to perform administrative actions.
Read more → -
Rockwell Automation CompactLogix
The advisory states that exposed Connection IDs on the web interface can be abused to trigger a denial-of-service condition via improper validation of CIP protocol fields.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Two vulnerabilities involving path traversal in network and web management tools are now in the KEV catalog due to observed exploitation.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability affects Oracle PeopleSoft Enterprise PeopleTools and involves missing authentication for a critical function.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability allows OS command injection, which the advisory explicitly states grants total control of the affected asset post-exploitation.
Read more → -
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
Hard-coded credentials in the Yarbo mobile app grant access to all robot telemetry and command topics via the cloud MQTT infrastructure.
Read more → -
Naxclow IoT Platform
The advisory states that all versions of multiple Naxclow IoT devices are affected by an authorization bypass vulnerability allowing silent device reassignment via replayed onboarding sequences.
Read more → -
Brickcom Cameras
The advisory states that live video snapshots can be accessed without authentication via the /ONVIF endpoint on affected Brickcom camera models.
Read more → -
ZDI-26-360: MATE Desktop Atril Document Viewer EPUB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability is a heap-based buffer overflow in Atril Document Viewer triggered by parsing a malicious EPUB file.
Read more → -
ZDI-26-359: Samsung rlottie Numeric Truncation Remote Code Execution Vulnerability
The vulnerability involves a numeric truncation issue in Samsung rlottie that can lead to remote code execution when the library processes input.
Read more → -
ZDI-26-358: Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability
The vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file, to trigger cross-site scripting.
Read more → -
ZDI-26-357: Allegra exportReport Directory Traversal Information Disclosure Vulnerability
The vulnerability requires authentication and could allow remote information disclosure via a directory traversal in the exportReport functionality.
Read more → -
ZDI-26-356: Apache HTTP Server mod_proxy_ajp Out-Of-Bounds Read Information Disclosure Vulnerability
The vulnerability requires prior compromise of an AJP backend to enable information disclosure via mod_proxy_ajp.
Read more → -
2026-008: Critical vulnerabilities in Ivanti Sentry
The advisory states that unauthenticated remote code execution is possible on vulnerable Ivanti Sentry devices.
Read more → -
2026-007: Critical Vulnerability in Windows Netlogon
On 12 May 2026, Microsoft published a security advisory addressing a critical vulnerability affecting Windows Server when acting as a domain controller. This vulnerability allows an unauthenticated attacker to execute…
Read more → -
ZDI-26-328: ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability stems from an origin validation error in ASUS MyASUS that may allow local privilege escalation.
Read more → -
ZDI-26-355: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
The vulnerability is a use-after-free in Adobe Acrobat Reader DC related to annotation handling, requiring user interaction to trigger.
Read more → -
Siemens KACO Blueplanet Inverters
The advisory states that serial numbers from affected inverters can be used to derive credentials, enabling unauthorized access. This affects a wide range of KACO blueplanet inverter models across multiple product lines.
Read more → -
Schneider Electric EcoStruxure Panel Server
View CSAF Summary Schneider Electric is aware of its vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high performance, modular gateway with enhanced cybersecurity that provides…
Read more → -
Schneider Electric Modicon Network Managed Switches
The vulnerability only affects devices where the RADIUS Server Message Authenticator option is disabled, as the default configuration is not vulnerable.
Read more → -
CISA Adds Three Known Exploited Vulnerabilities to Catalog
The addition of a network infrastructure vulnerability in Arista's Extensible Operating System may indicate interest in targeting backbone devices.
Read more → -
ZDI-26-354: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
The vulnerability is a use-after-free in Adobe Acrobat Reader DC related to annotation handling, requiring user interaction to trigger via a malicious file or page.
Read more → -
ZDI-26-353: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
The vulnerability is a use-after-free in Adobe Acrobat Reader DC related to annotation handling, requiring user interaction to trigger.
Read more → -
ZDI-26-352: Adobe Acrobat Pro DC AcroForm Use-After-Free Remote Code Execution Vulnerability
The vulnerability is a use-after-free in Adobe Acrobat Pro DC's AcroForm functionality, requiring user interaction to trigger.
Read more → -
ZDI-26-351: Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability involves a heap-based buffer overflow in Adobe USD-Fileformat-plugins that requires interaction with the USD library for exploitation.
Read more → -
ZDI-26-350: Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability
A heap-based buffer overflow exists in Adobe USD-Fileformat-plugins that could allow remote code execution upon interaction with the USD library.
Read more → -
ZDI-26-349: Adobe Acrobat Pro DC Annots.api Use-After-Free Remote Code Execution Vulnerability
A use-after-free vulnerability exists in Adobe Acrobat Pro DC's Annots.api component, requiring user interaction to trigger.
Read more → -
ZDI-26-348: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
The vulnerability is a use-after-free in Adobe Acrobat Reader DC related to annotation handling, requiring user interaction to trigger.
Read more → -
ZDI-26-347: Adobe Acrobat Reader DC Multimedia Rendition Use-After-Free Remote Code Execution Vulnerability
The vulnerability is triggered by user interaction with a malicious file or page, indicating delivery likely depends on social engineering.
Read more → -
ZDI-26-346: Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability
The vulnerability is a use-after-free in Adobe Acrobat Reader DC related to annotation handling, requiring user interaction to trigger.
Read more → -
ZDI-26-345: Adobe Acrobat Reader DC Font Handling Use-After-Free Remote Code Execution Vulnerability
The vulnerability is triggered through malicious file or page interaction, indicating an attack vector dependent on user action.
Read more → -
ZDI-26-344: Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability
The vulnerability involves an out-of-bounds read in the Doc object within Adobe Acrobat Reader DC, potentially disclosing sensitive information.
Read more → -
ZDI-26-343: Adobe Acrobat Reader DC TIF File Parsing Integer Overflow Remote Code Execution Vulnerability
The vulnerability stems from an integer overflow during TIF file parsing in Adobe Acrobat Reader DC, requiring user interaction to trigger.
Read more → -
ZDI-26-342: Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability
The vulnerability affects the apiuser component in Progress Software Kemp LoadMaster and can be exploited remotely without authentication.
Read more → -
ZDI-26-341: Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability
The vulnerability requires authentication and affects the dolistapikeys functionality in Progress Software Kemp LoadMaster.
Read more → -
ZDI-26-340: Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability
The vulnerability requires authentication and involves uninitialized memory in the dodelapikey function, potentially leading to remote code execution.
Read more → -
ZDI-26-339: Microsoft Windows Narrator Braille Support brlapi Exposed Dangerous Function Local Privilege Escalation Vulnerability
The vulnerability affects Microsoft Windows systems with Braille support for Narrator enabled, requiring local code execution and specific feature installation for exploitation.
Read more → -
ZDI-26-338: NVIDIA Transformers4Rec Model.load Deserialization of Untrusted Data Remote Code Execution Vulnerability
The vulnerability requires user interaction, such as opening a malicious file or visiting a malicious page, to trigger remote code execution.
Read more → -
ZDI-26-337: X.Org Server CheckKeyTypes Buffer Overflow Privilege Escalation Vulnerability
A buffer overflow in X.Org Server's CheckKeyTypes function may allow local privilege escalation.
Read more → -
ZDI-26-336: X.Org Server CheckKeyActions Out-Of-Bounds Read Information Disclosure Vulnerability
The vulnerability is a local out-of-bounds read in the CheckKeyActions function of X.Org Server, potentially disclosing sensitive information.
Read more → -
ZDI-26-335: X.Org Server SyncAwaitFence Use-After-Free Privilege Escalation Vulnerability
A use-after-free in X.Org Server's SyncAwaitFence function may allow local privilege escalation.
Read more → -
ZDI-26-334: X.Org Server CheckSetGeom Out-Of-Bounds Read Information Disclosure Vulnerability
The vulnerability is an out-of-bounds read in the CheckSetGeom function of X.Org Server, potentially disclosing sensitive information to local attackers.
Read more → -
ZDI-26-333: X.Org Server XkbSetCompatMap Integer Underflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to…
Read more → -
ZDI-26-332: QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability
The vulnerability involves an integer overflow in QEMU's calc_image_hostmem function, potentially allowing local privilege escalation within the guest environment.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2026-42271 involves command injection in BerriAI LiteLLM, indicating potential for unauthorized command execution where the software is deployed.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-28318 is an uncontrolled resource consumption vulnerability in SolarWinds Serv-U, now listed in CISA's KEV Catalog due to evidence of active exploitation.
Read more → -
NAVTOR NavBox
The advisory states that hard-coded credentials in NavBox's SOAP implementation could allow a local attacker to bypass authentication and access privileged file operations.
Read more → -
Hitachi Energy MACH HiDraw
The vulnerability affects MACH HiDraw versions 9.22 and prior, with exploitation requiring authenticated local access and a specially crafted XML file.
Read more → -
Hitachi Energy ITT600 Explorer
The affected ITT600 Explorer versions include those prior to 2.1 SP6 and specifically 2.1 SP6 itself, with a patch available in 2.1 SP6 HF1.
Read more → -
B&R PPT30 Operating System
The vulnerability affects the OPC-UA server in B&R PPT30 Operating System versions prior to 1.8.0 and could be exploited by an unauthenticated network-based attacker to block access to the service.
Read more → -
Hitachi Energy RTU500
The advisory lists multiple overlapping version ranges for the RTU500 series CMU firmware, with repeated CVEs across entries, which may indicate consolidated reporting of previously disclosed issues.
Read more → -
ZDI-26-328: ASUS Business Manager Service Client-Side Authentication Local Privilege Escalation Vulnerability
The vulnerability involves client-side authentication in the ASUS Business Manager Service, which may allow local privilege escalation if exploited.
Read more → -
ZDI-26-331: (Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability
The vulnerability involves directory traversal in Microsoft Edge's feedback log file handling, potentially enabling remote code execution with user interaction.
Read more → -
ZDI-26-330: (Pwn2Own) Microsoft Edge Navigation Handling Universal Cross-Site Scripting Vulnerability
The vulnerability requires user interaction to visit a malicious page or open a malicious file, indicating execution depends on social engineering.
Read more → -
ZDI-26-329: (Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability
The vulnerability requires user interaction, such as visiting a malicious page, to exploit a security bypass in Microsoft Edge.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability involves deserialization of untrusted data in a Magento extension, a flaw type often exploited to achieve remote code execution.
Read more → -
ZDI-26-327: Docker Desktop grpcfuse Kernel Module Uncontrolled Recursion Denial-of-Service Vulnerability
The vulnerability resides in the Docker Desktop grpcfuse kernel module, which can be triggered by low-privileged code running inside a container.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2022-0492 involves improper authentication in the Linux kernel, a component present in many enterprise and embedded systems. Its inclusion in the KEV catalog indicates observed exploitation despite its 2022 publication date.
Read more → -
CISA and Partners Urge Hardening Automatic Tank Gauge Systems
The advisory states that internet-exposed ATG systems are being targeted via hardcoded credentials and command execution. Removing these systems from public networks is explicitly recommended.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2024-21182 is an unspecified vulnerability in Oracle WebLogic Server now confirmed as actively exploited.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS that CISA has observed being actively exploited.
Read more → -
Supply Chain Compromises Impact Nx Console and GitHub Repositories
The malicious Nx Console extension (18.95.0) was distributed via VS Code’s automatic update mechanism, potentially affecting systems without user interaction.
Read more → -
ABB EIBPORT
The advisory states that affected ABB EIBPORT devices can expose session IDs and allow configuration changes if exploited. A firmware update is available to address the vulnerabilities.
Read more → -
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
The advisory states that hard-coded administrative credentials are present in the firmware of the affected device, which can be extracted and used to gain unauthorized access.
Read more → -
ABB Busch-Welcome 2 Wire Door Opener Actuator
The advisory states that toggling the mode switch and restarting power can recalibrate the system to correct the misconfiguration.
Read more → -
Fourth Frontier Frontier X Mobile Application, Frontier X2
The advisory states that unauthenticated BLE access allows read/write of critical GATT characteristics, and the mobile app does not authenticate the connected device, enabling spoofing and data injection.
Read more → -
CP Plus 8 Ch. Network Video Recorder
The advisory specifies a stored XSS vulnerability that persists in the device backend and executes when users access affected pages.
Read more → -
XCharge C6
The advisory states that XCharge C6 devices with firmware prior to May 22, 2026, are affected by multiple critical vulnerabilities, including firmware update mechanisms that lack cryptographic validation.
Read more → -
KMW CCTV Security Cameras
The advisory states that affected KMW cameras allow unauthenticated password resets, enabling full access to camera feeds and settings.
Read more → -
MacGregor Voyage Data Recorder (VDR) G4e
The advisory states that default credentials are present without enforced password changes, and authenticated users can extract password hashes via backup files.
Read more → -
ZDI-26-326: TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
The vulnerability is a time-of-check to time-of-use (TOCTOU) issue in the TrendAI Vision One Security Agent that can be exploited by local attackers to escalate privileges.
Read more → -
ZDI-26-325: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation in TrendAI Vision One Security Agent.
Read more → -
ZDI-26-324: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability is a local privilege escalation in TrendAI Vision One Security Agent due to origin validation error.
Read more → -
ZDI-26-323: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation.
Read more → -
ZDI-26-322: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation.
Read more → -
ZDI-26-321: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation within TrendAI Vision One Security Agent.
Read more → -
ZDI-26-320: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires an attacker to already have the ability to execute low-privileged code on the system.
Read more → -
CISA Adds Three Known Exploited Vulnerabilities to Catalog
The advisory adds two vulnerabilities involving embedded malicious code in developer tools, which may indicate supply chain compromise.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-48172 is a privilege escalation vulnerability in the LiteSpeed cPanel plugin, now added to CISA's KEV Catalog due to evidence of active exploitation.
Read more → -
ABB Terra AC
The advisory states that unencrypted OCPP communications can enable exploitation of a heap-based buffer overflow, potentially allowing remote firmware manipulation.
Read more → -
ABB LVS MConfig
The advisory states that sensitive information, including passwords, may be stored in cleartext in memory during runtime and exposed via memory dump files.
Read more → -
ABB Ability Camera Connect
The advisory states that an outdated VLC media player component in ABB Ability Camera Connect versions up to 1.5.0.14 contains multiple memory-related vulnerabilities, with a CVSS score of 9.8.
Read more → -
Eppendorf BioFlo 320
The advisory states that all versions of the Eppendorf BioFlo 320 bioreactor are affected due to a hard-coded password in a VNC server, which could allow full access if remote access is enabled.
Read more → -
ABB AbilityTM Zenon Remote Transport Vulnerability
The vulnerability allows unauthorized reboot of the system via the Remote Transport Service due to missing authentication, but requires prior network access.
Read more → -
ABB AC500 V2
The advisory states that fragments of previous Modbus responses may be exposed due to a buffer over-read when unsupported function codes are sent to the AC500 V2 Modbus server.
Read more → -
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
The advisory states that the System Diagnostics Manager (SDM) is disabled by default in Automation Runtime 6 and not intended to be enabled outside secured production networks.
Read more →