1565 matches found
CVE-2026-34184
Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed...
CVE-2026-34185
Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in Hydrosystem Control Syst...
CVE-2026-34185
CVE-2026-34185 — SQL Injection in Hydrosystem Control System Affected product: Hydrosystem Control System.Vulnerability: SQL Injection across most scripts and input parameters due to lack of protections.Impact: With authentication, an attacker can inject arbitrary SQL commands, potentially gainin...
CVE-2026-34185
Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in Hydrosystem Control Syst...
CVE-2026-34185 SQL Injection in Hydrosystem Control System
Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in Hydrosystem Control Syst...
CVE-2026-34185 SQL Injection in Hydrosystem Control System
Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in Hydrosystem Control Syst...
CVE-2026-34184 Missing Authorization in Hydrosystem Control System
Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed...
CVE-2026-34184 Missing Authorization in Hydrosystem Control System
Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed...
CVE-2026-4901 Insertion of Sesitive Information into Log File in Hydrosystem Control System
Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized...
CVE-2026-4901
Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized...
CVE-2026-4901
CVE-2026-4901 relates to Hydrosystem Control System logging credentials to a log file. The description states that sensitive information, including user credentials, is written to logs, enabling an attacker to obtain further access. This issue is tied to CVE-2026-34184, which describes missing au...
CVE-2025-13926
creationtimestamp| type| source ---|---|--- 2026-04-09 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-01 2026-04-09 20:55:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3oz6effv2q 2026-04-09 21:10:36+00:00| seen|...
CVE-2026-4436
creationtimestamp| type| source ---|---|--- 2026-04-09 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02 2026-04-09 21:22:41+00:00| published-proof-of-concept| Telegram/3Mh7UNYEFXpMlnqwZliCqvVomRJKwd1lMrCq1dUb7HxJoTM 2026-04-09 21:37:12+00:00| seen|...
CVE-2026-25601
A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...
CVE-2026-25601
A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...
CVE-2026-25601 Credential Exposure vulnerability in MEPIS RM
A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...
CVE-2026-23345
A flaw was found in the Linux kernel. When the FEATLPA2 feature is enabled on ARM64 systems, the kernel incorrectly handles the PTESHARED bits in Graphics Control System GCS memory mappings. This misconfiguration can lead to a kernel paging request and subsequently a system panic, resulting in a...
CVE-2026-3650
creationtimestamp| type| source ---|---|--- 2026-03-24 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-083-01 2026-03-26 11:32:08+00:00| seen| https://infosec.exchange/users/technadu/statuses/116295252558351450 2026-03-26 11:33:45+00:00| seen|...
CVE-2026-25086
creationtimestamp| type| source ---|---|--- 2026-03-19 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08 2026-03-21 23:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhm54n4dr32h...
CVE-2026-28204
creationtimestamp| type| source ---|---|--- 2026-03-19 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-06...