163 matches found
Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)
CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...
Carrier Corporation i-VU Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
CVE-2025-15023
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
CVE-2025-15024
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
CVE-2025-15023
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
CVE-2025-15024
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
CVE-2025-15024 RCE in Yordam Informatics' Library Automation System
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
EUVD-2025-209859
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
CVE-2025-15023 Improper Access Control in Yordam Informatics' Library Automation System
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
CVE-2025-15023
CVE-2025-15023 describes an Incorrect Authorization vulnerability in Library Automation System from Yordam Informatics, affecting versions from 19.5 up to (but not including) 22.1. The issue stems from incorrectly configured access control security levels, enabling unauthorized access due to insu...
CVE-2025-15023
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
CVE-2025-15025 IDOR in Yordam Informatics' Library Automation System
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 befor...
CVE-2025-15025
CVE-2025-15025 : In the Library Automation System, versions prior to 22.1 (from 21.6) are affected by an authorization bypass via a User-Controlled key, leading to exploitation of trusted identifiers. The issue is described as an IDOR-style authorization bypass with high impact (confidentiality, ...
CVE-2025-15025 IDOR in Yordam Informatics' Library Automation System
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 befor...
PT-2026-40915
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 befor...
PT-2026-41010
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
PT-2026-41009
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
CVE-2026-3843
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability CWE-89 in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in...
CVE-2026-3843 SQL Injection in Nefteprodukttekhnika BUK TS-G Allows Remote Code Execution
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability CWE-89 in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in...