CVE-2021-21867

creationtimestamp| type| source ---|---|--- 2021-08-18 18:17:07+00:00| seen| https://t.me/cibsecurity/27530 2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

Advantech WebAccess/NMS

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/NMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the exposure of resources or functionality and...

COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Vulnerability

Exploit Title: COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page:...

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...

COMMAX Smart Home IoT Control System CDP-1020n SQL Injection

COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: CDP-1020n 481 System Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides...

COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass

Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application suffers from an SQL Injection vulnerability. Input passed through the 'id' POST parameter in 'loginstart.asp' is not properly...

COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS

Summary Biometric access control system. Description The application is vulnerable to an unauthenticated reflected cross-site scripting XSS vulnerability. Input passed to the Cookies 'CMXADMINNM' and 'CMXCOMPLEXNM' is not properly sanitised before being returned to the user. This can be exploited...

MAC1100 PLC 安全漏洞

The MAC1100 PLC is an industrial control product PLC. A security vulnerability exists in the MAC1100 PLC that can be exploited by an attacker to gain access to the system and escalate privileges via a crafted package...

Jetbrains JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in versions of JetBrains TeamCity...

CVE-2021-33486

creationtimestamp| type| source ---|---|--- 2021-08-03 20:28:40+00:00| seen| https://t.me/cibsecurity/26752 2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

CVE-2021-23414

creationtimestamp| type| source ---|---|--- 2021-07-28 12:13:10+00:00| seen| https://t.me/cibsecurity/26551 2025-12-09 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-02...

LCDS LAquis SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

Weak Password Vulnerability in Tian Yue's O&M Security Gateway (CNVD-2021-58618)

Tian Yue O&M Security Gateway Cloud Fortress Machine is a compliance control system for controlling and auditing user O&M operations in business environment. There is a weak password vulnerability in Tian Yue Operations and Maintenance Security Gateway, which can be exploited by attackers to obta...

Logic Flaw Vulnerability in Microplants Industries Access Control Expert System

Shenzhen Weikeng Industrial Co., Ltd. is a professional manufacturer and developer of access control systems, access control equipment and access control software in China. There is a logic flaw vulnerability in Weikeng Industrial's access control expert system, which can be exploited by an...

Weak password vulnerability in ECMS

Changzhou Ruixin Technology is a manufacturer specializing in remote meter reading, energy consumption monitoring and energy control system construction. There is a weak password vulnerability in ECMS, which can be exploited by attackers to obtain sensitive information...

Gitlab Access Control Error Vulnerability (CNVD-2021-40764)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in Gitlab th...

Command Execution Vulnerability in the Control System of Next-Generation Firewall of Shenzhen Zhongke NetWizard Technology Co. Ltd (CNVD-2021-44000)

ZKNETWORTH's next-generation firewall control system products are based on L2-7 layer access application control, integrating firewall, IPS intrusion detection, DDoS/DOS protection, AV virus protection; realizing comprehensive security protection for intranet, and providing security firewall...

IGSS Definition 缓冲区错误漏洞

The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. A security vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The vulnerability...

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys Servers, Engines, and Tools Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could give an authenticated...

Advantech iView

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: Missing Authentication for Critical Function, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...