Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of March 5 - 11.

MARCH 10, 2023

Plex Media Server

Plex Media Server contains a remote code execution vulnerability that could allow a remote, authenticated attacker to execute arbitrary Python code.

Sources: NIST, CISA

XStream’s XStream

XStream's XStream contains a remote code execution vulnerability that could allow an attacker to manipulate the processed input stream and replace or inject objects, resulting in execution of a local command on the server.

Sources: CISA, NIST

MARCH 09, 2023

Akuvox E11

Akuvox E11 contains improper authentication, use of hard-coded credentials, hidden functionality and other vulnerabilities that can cause loss of sensitive information, allow unauthorized access and grant full administrative control to an attacker.

Sources: CISA, Akuvox

B&R Systems Diagnostics Manager

B&R Systems Diagnostics Manager contains a cross-site scripting vulnerability that can allow an attacker to execute arbitrary code to exfiltrate data and perform any action within the user's browser session.


Sources: CISA, B&R

ABB Ability Symphony Plus

ABB Ability Symphony Plus contains an improper authentication vulnerability that could allow an unauthorized client to connect to the S+ Operations servers.


Sources: CISA, ABB

STEPTools Ifcmesh Library

STEPTools Ifcmesh Library contains a null pointer dereference vulnerability that could allow an attacker to deny application usage when reading a specially constructed file.

Sources: CISA, StepTools

Hitachi Energy Relion 670, 650 and SAM600-IO Series

Hitachi Energy Relion 670, 650 and SAM600-IO Series contain an insufficient verification of data authenticity vulnerability that could cause the Intelligent Electronic Device (IED) to restart, causing a temporary denial-of-service condition.

Sources: CISA, Hitachi Energy
