Advantech EKI-1524, EKI-1522, EKI-1521 contains a stack-based buffer overflow vulnerability that can lead to a denial-of-service condition.

Sources: CVE, Advantech

IBM Cognos Command Center contains a vulnerability that could allow a local attacker to obtain sensitive information due to insufficient session expiration.

Sources: CVE, IBM X-Force Exchange

Mitsubishi Electric Factory Automation Products contain a dependency on vulnerable third-party component vulnerability that can allow a malicious attacker to escalate privileges, disclose parameter information in the affected products and cause a denial-of-service condition.

Sources: CISA, Mitsubishi Electric

Dataprobe iBoot-PDU (Update A) contains OS command injection, path traversal, improper authorization and more vulnerabilities that can lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device.

Sources: CISA, Dataprobe

TP-Link Archer AX-21 contains a command injection vulnerability that can allow an unauthenticated attacker to inject commands.

Sources: NIST, CISA

Apache Log4j contains a deserialization of untrusted data vulnerability that can allow a threat actor to leak sensitive information and lead to remote code execution.

Sources: NIST, CISA

Oracle WebLogic Server contains an unspecified vulnerability that can allow an unauthenticated attacker network access.

Sources: NIST, CISA