2876 matches found
CVE-2025-9289
CVE-2025-9289 is a Cross-Site Scripting (XSS) vulnerability in Omada Controllers caused by improper input sanitization in a parameter. Exploitation requires specific conditions (network positioning or impersonating a trusted entity) and interaction from an authenticated administrator, potentially...
PT-2026-4304
Name of the Vulnerable Software and Affected Versions: Omada Controllers, Gateways and Access Points (affected versions not specified). Description: An authentication weakness exists in Omada Controllers, Gateways, and Access Points related to controller-device adoption. This is due to improper handli...
TP-Link Omada controllers have security vulnerabilities
TP-Link Omada Controllers are a series of centralized management platforms developed by TP-Link Corporation. The TP-Link Omada Controllers have security vulnerabilities, which stem from improper parameter input handling. These vulnerabilities may lead to cross-site scripting attacks...
EUVD-2023-32092
Improper access control in firmware for some Intel(R) Thunderbolt(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access...
CVE-2025-37175 Authenticated Arbitrary File Upload Vulnerability in AOS-10 or AOS-8 Web-Based Management Interface
An arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privileged user and execute arbitrary comman...
Schneider Electric EcoStruxure Power Build Rapsody (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
Schneider Electric EcoStruxure Process Expert (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
USN-7922-5 linux-iot vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers...
USN-7922-5: Linux kernel (IoT) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers...
CVE-2023-43961
In Dromara SaToken version 1.3.50RC and before, when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
CVE-2021-27367
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal...
CVE-2021-22047
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...
CVE-2022-33939
CENTUM VP / CS 3000 controller FCS CP31, CP33, CP345, CP401, and CP451 contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a...
CVE-2020-7563
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted...
CVE-2020-7487
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers...
CVE-2020-7537
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memo...
CVE-2020-12294
Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access...
CVE-2020-12289
Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access...
CVE-2020-12292
Improper conditions check in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access...
CVE-2020-24496
Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access...