CVE-2026-4769
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This fun
CVSS
9.8
Critical
EPSS
0.4%
p36
KEV
—
Exploit Today
11
0-100
Published: Jul 13, 2026 · Last modified: Jul 13, 2026 · CWE-912
0.4%EPSS · 30 days0.4%
2026-07-132026-07-16
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2010-201039.8 CRI90.9%
——27A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.2dCVE-2026-347697.7 HIG21.4%
——6Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls. Apps are only affected if they construct webPreferences from external or untrusted input without an allowlist. Apps that use a fixed, hardcoded webPreferences object are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.2d