8 matches found

RedhatCVE
added 2026/04/14 7:23 p.m., 4 views

CVE-2026-23781

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

CVSS 9.8, AI score 5.8, EPSS 0.00284
Exploits: 0, References: 1

NVD
added 2026/04/10 3:16 p.m., 5 views

CVE-2026-23782

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

CVSS 7.5, EPSS 0.00272
Exploits: 0, References: 2

CVE
added 2026/04/10 12:0 a.m., 5 views

CVE-2026-23782

CVE-2026-23782 affects BMC Control-M/MFT 9.0.20–9.0.22. An API management endpoint can be accessed without authentication to disclose an API identifier and its secret, enabling invocation of privileged API operations and potential unauthorized access. The issue is documented across multiple s...

CVSS 7.5, AI score 5.8, EPSS 0.00272
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/04/10 12:0 a.m., 2 views

CVE-2026-23781

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

AI score 5.8, EPSS 0.00284
Exploits: 0, References: 2

Positive Technologies
added 2026/04/10 12:0 a.m., 3 views

PT-2026-31937

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

AI score 5.8, EPSS 0.00284
Exploits: 0, References: 3

Vulnrichment
added 2026/04/10 12:0 a.m., 0 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

AI score 6.2, EPSS 0.00401
Exploits: 0, References: 2

CNNVD
added 2026/04/10 12:0 a.m., 3 views

BMC Control-M/MFT Security Vulnerability

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities were due to improper input validation in the...

CVSS 8.8, AI score 6.3, EPSS 0.00401
Exploits: 0, References: 3

Cvelist
added 2026/04/10 12:0 a.m., 29 views

CVE-2026-23782

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

EPSS 0.00272
Exploits: 0, References: 2