Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/01/03 10:4 p.m.5 views

CVE-2025-64119

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

9.3CVSS6.6AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/03 12:31 a.m.4 views

EUVD-2025-206227

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

9.3CVSS6.5AI score0.0036EPSS
Exploits0References2
NVD
NVD
added 2026/01/02 10:15 p.m.4 views

CVE-2025-64119

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

9.3CVSS0.0036EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/02 9:41 p.m.1 views

CVE-2025-64123 Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access

Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Network Boundary Bridging.This issue affects Multi-Stack Controller MSC: through and including release 2.5.1...

7.9CVSS6.6AI score0.00274EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/02 9:26 p.m.4 views

CVE-2025-64119 Nuvation Energy BMS Client-side Authentication

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

9.3CVSS6.2AI score0.0036EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.3 views

PT-2026-1134

Name of the Vulnerable Software and Affected Versions Nuvation Battery Management System versions through 2.3.9 Description A flaw exists in the Nuvation Battery Management System that permits authentication bypass. This allows unauthorized access to critical battery management functions via the...

9.3CVSS6.8AI score0.0036EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/08/20 1:55 p.m.2 views

CVE-2025-8449

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network...

4.1CVSS6.8AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.12 views

CVE-2021-22815

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2: AP9630/AP9630CH/AP9630J,...

5.3CVSS0.00768EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.12 views

CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

6.1CVSS0.00745EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.17 views

CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

6.1CVSS0.00745EPSS
Exploits0References1
Prion
Prion
added 2022/01/28 8:15 p.m.23 views

Information disclosure

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2: AP9630/AP9630CH/AP9630J,...

5CVSS5.4AI score0.00768EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/01/28 8:15 p.m.23 views

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

4.3CVSS6.2AI score0.00745EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/01/28 7:9 p.m.61 views

CVE-2021-22815

The CVE-2021-22815 entry covers an Information Exposure vulnerability in Schneider Electric NMC/NMC2/NMC3 embedded devices and related APC equipment. Affected products include 1-phase and 3-phase UPS with NMC2/NMC3 (AP9630/9631/9635 on NMC2; AP9640/9641/9643 on NMC3), NMC2/NMC3-based PDUs, XRDP/X...

5.3CVSS5.2AI score0.00768EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.16 views

CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

6.5AI score0.00745EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.20 views

CVE-2021-22813

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...

6.4AI score0.00745EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.16 views

CVE-2021-22811

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply UP...

6.5AI score0.00745EPSS
Exploits0References1
OSV
OSV
added 2017/06/02 2:29 p.m.2 views

CVE-2017-6039

A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device...

5.3CVSS5.8AI score0.01168EPSS
Exploits0References2
Rows per page
Query Builder