18728 matches found

Nuclei (added 13 hours ago)

TrakSYS 11.x.x - Sensitive Data Exposure

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

CVSS 6.9, AI score 5.1, EPSS 0.02053
Exploits: 0, References: 4
Nuclei (added 13 hours ago)

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

CVSS 9.4, AI score 7.3, EPSS 0.37606
Exploits: 1, References: 4
NVD (added yesterday)

CVE-2025-36359

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 do not invalidate session IDs after expiration, which could allow an authenticated user to impersonate another user on the system...

CVSS 8.1
Exploits: 0, References: 1
NVD (added yesterday)

CVE-2026-13449

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVSS 7.6
Exploits: 0, References: 1
EUVD (added yesterday)

EUVD-2025-210374

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 do not invalidate session IDs after expiration, which could allow an authenticated user to impersonate another user on the system...

CVSS 8.1, AI score 5.8
Exploits: 0, References: 1
Cvelist (added yesterday)

CVE-2025-36359 IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 do not invalidate session IDs after expiration, which could allow an authenticated user to impersonate another user on the system...

CVSS 8.1
Exploits: 0, References: 1
Cvelist (added yesterday)

CVE-2026-13449 XXE attack in IBM Business Automation Manager Open Editions

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVSS 7.6
Exploits: 0, References: 1
IBM Security Bulletins (added yesterday)

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0. Vulnerability Details: CVEID: CVE-2026-13449. DESCRIPTION: IBM Business Automation Manager Open Editions is vulnerable t...

CVSS 7.6, AI score 5.8
Exploits: 0, Affected Software: 1
RedHat Linux (added 2 days ago)

Moderate: Red Hat Security Advisory: mod_md security update

An update for mod_md is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.3, AI score 7, EPSS 0.00628
Exploits: 0, References: 2
NVD (added 2 days ago)

CVE-2026-57953

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

CVSS 5.4, EPSS 0.00253
Exploits: 0, References: 4
EUVD (added 2 days ago)

EUVD-2026-40138

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

CVSS 5.4, AI score 5.8, EPSS 0.00253
Exploits: 0, References: 4
Cvelist (added 2 days ago)

CVE-2026-57953 Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

CVSS 5.4, EPSS 0.00253
Exploits: 0, References: 4
CVE (added 2 days ago)

CVE-2026-57953

The vulnerability affects Mythic prior to version 3.4.0.60 and is due to an authorization bypass that allows authenticated spectator-role users to perform unauthorized write operations via the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Exploitation...

CVSS 5.4, AI score 5.8, EPSS 0.00253
Exploits: 0, References: 4, Affected Software: 1
IBM Security Bulletins (added 2 days ago)

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383, CVE-2026-11541, CVE-2026-11536)

Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

CVSS 8.5, AI score 6.3
Exploits: 0, Affected Software: 2
IBM Security Bulletins (added 2 days ago)

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes June 2026

Summary: In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details: CVEID: CVE-2026-29063. DESCRIPTION: Immutable.js provides many Persistent Immutable data structure...

CVSS 9.8, AI score 8, EPSS 0.01735
Exploits: 1, Affected Software: 2
IBM Security Bulletins (added 2 days ago)

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.18.0 shipped with IBM Cloud Pak for Business Automation iFixes for June 2026

Summary: IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation June 2026 security fixes update this dependency beyond 4.18.0 to address security vulnerabilities. Vulnerability Details: CVEID: CVE-2024-45310. DESCRIPTION: runc is a CL...

CVSS 9.8, AI score 8.4, EPSS 0.01945
Exploits: 4, Affected Software: 2
Nuclei (added 2 days ago)

ECOA Building Automation System - Arbitrary File Retrieval

The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...

CVSS 7.5, AI score 7.2, EPSS 0.20084
Exploits: 1, References: 5
Nuclei (added 3 days ago)

Automation Anywhere Automation 360 - Server-Side Request Forgery

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. id: CVE-2024-6922 info: name: Automation Anywhere Automation 360 - Server-Side Request Forgery author: DhiyaneshDK severity: high description: | Automation Anywhere Automation 360 v21-v...

CVSS 6.9, AI score 5.8, EPSS 0.30172
Exploits: 0, References: 3
Nuclei (added 3 days ago)

D-Link Central WifiManager - Server-Side Request Forgery

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...

CVSS 8.6, AI score 6.9, EPSS 0.44101
Exploits: 3, References: 5
ATTACKERKB (added 5 days ago)

CVE-2026-54351

Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the interna...

CVSS 9.6, AI score 6, EPSS 0.00412
Exploits: 1, References: 2, Affected Software: 1