PT-2026-5389

Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys versions 12.0 through 14.1 Johnson Controls Metasys Application and Data Server ADS versions 14.1 and prior Johnson Controls Metasys Extended Application and Data Server ADX version 14.1 Johnson Controls Metasys System...

CVE-2025-64298

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

CVE-2025-64298 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

CVE-2025-64298 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

Security Bulletin: A security vulnerability has been identified in Micosoft SQL Server Express shipped with IBM Robotic Process Automation with Automation Anywhere CVE-2014-3566

Summary Microsoft SQL Server Express 2014 is shipped with IBM Robotic Process Automation with Automation Anywhere. Information about a security vulnerability affecting Microsoft SQL Server Express 2014 has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

Not All Privileges are Assigned to Caller error during upgrade/install

Challenge When upgrading, the installer encounters the following error message which prevents it from proceeding: "Not all privileges or groups referenced are assigned to the caller" Affected Application Installers Veeam Backup & Replication Veeam Backup Enterprise Manager Veeam ONE Veeam Recover...

Hardcoded credentials

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...

CVE-2015-3001

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...

Solarwinds Orion Service SQL Injection Vulnerability

Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address...

SolarWinds Orion Service - SQL Injection

I found a couple SQL injection vulnerabilities in the core Orion service used in most of the Solarwinds products SAM, IPAM, NPM, NCM, etc…. This service provides a consistent configuration and authentication layer across the products. To be exact, the vulnerable applications and versions are:...

Veeam ONE: No Collection Data within Monitor, or Collection Stops Updating.

Challenge Data collection stops within Veeam ONE Monitor, or there is no longer any new data from a certain point. Cause This is due to the following database error involving a lack of space in the primary file group for the database .mdf file. Here is a snippet from the Monitor Logs that you wil...