Lucene search
K

163 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)

CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...

8.6CVSS5.7AI score0.00139EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.3 views

Carrier Corporation i-VU Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.6 views

CVE-2025-15023

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...

8.8CVSS5.5AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.8 views

CVE-2025-15024

Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....

8.8CVSS5.6AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 6:16 p.m.25 views

CVE-2025-15023

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...

8.8CVSS0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:48 p.m.6 views

CVE-2025-15024

Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....

8.8CVSS5.8AI score0.00246EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 5:48 p.m.45 views

CVE-2025-15024 RCE in Yordam Informatics' Library Automation System

Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....

8.8CVSS0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 5:48 p.m.24 views

EUVD-2025-209859

Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....

8.8CVSS5.8AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 5:36 p.m.9 views

CVE-2025-15023 Improper Access Control in Yordam Informatics' Library Automation System

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 5:36 p.m.15 views

CVE-2025-15023

CVE-2025-15023 describes an Incorrect Authorization vulnerability in Library Automation System from Yordam Informatics, affecting versions from 19.5 up to (but not including) 22.1. The issue stems from incorrectly configured access control security levels, enabling unauthorized access due to insu...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:36 p.m.5 views

CVE-2025-15023

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 12:59 p.m.48 views

CVE-2025-15025 IDOR in Yordam Informatics' Library Automation System

Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 befor...

8.8CVSS0.00298EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 12:59 p.m.16 views

CVE-2025-15025

CVE-2025-15025 : In the Library Automation System, versions prior to 22.1 (from 21.6) are affected by an authorization bypass via a User-Controlled key, leading to exploitation of trusted identifiers. The issue is described as an IDOR-style authorization bypass with high impact (confidentiality, ...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 12:59 p.m.6 views

CVE-2025-15025 IDOR in Yordam Informatics' Library Automation System

Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 befor...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-40915

Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 befor...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-41010

Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....

8.8CVSS5.8AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-41009

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 11:7 a.m.2 views

CVE-2026-3843

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability CWE-89 in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in...

9.8CVSS6.4AI score0.00763EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/10 11:7 a.m.27 views

CVE-2026-3843 SQL Injection in Nefteprodukttekhnika BUK TS-G Allows Remote Code Execution

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability CWE-89 in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in...

9.8CVSS0.00763EPSS
Exploits0References2
Rows per page
Query Builder