Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2026/04/14 7:23 p.m.1 views

CVE-2026-23782

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

7.5CVSS5.8AI score0.00098EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/14 7:23 p.m.1 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

8.8CVSS6.2AI score0.00215EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/10 3:31 p.m.1 views

EUVD-2026-21371

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

5.8AI score0.00098EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/04/10 12:0 a.m.2 views

BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities stemmed from API management endpoints that...

7.5CVSS5.8AI score0.00098EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/04/10 12:0 a.m.2 views

PT-2026-31922

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

5.8AI score0.00098EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/10 12:0 a.m.23 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

0.00215EPSS
Exploits0References2
CVE
CVEadded 2026/04/10 12:0 a.m.2 views

CVE-2026-23781

CVE-2026-23781 affects BMC Control-M/MFT 9.0.20–9.0.22. A set of default debug user credentials is hardcoded in cleartext in the application package, and, if unchanged, could be obtained to gain unauthorized access to the MFT API debug interface. The CVSS v3.1 base score is 9.8 (CRITICAL) with ne...

9.8CVSS5.8AI score0.00075EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/10 12:0 a.m.3 views

CVE-2026-23782

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

5.8AI score0.00098EPSS
Exploits0References2
Rows per page
Query Builder