CVE-2025-14684

IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...

CVE-2022-0488

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350.

Summary IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-57350 DESCRIPTION: The csvtojson package, a tool for...

EUVD-2021-14182

Malware in sbrugna...

Security Bulletin: IBM Maximo Application Suite uses ansible-operator 7.11.6 which is vulnerable to CVE-2024-0690.

Summary IBM Maximo Application Suite uses ansible-operator 7.11.6 which is vulnerable to CVE-2024-0690. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-0690 DESCRIPTION: Red Hat Ansible could allow a local authenticated attacker...

Security Bulletin: IBM Maximo Application Suite uses Flask_Cors-4.0.0-py2.py3-none-any.whl which is vulnerable to CVE-2024-1681

Summary IBM Maximo Application Suite uses FlaskCors-4.0.0-py2.py3-none-any.whl which is vulnerable to CVE-2024-1681. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-1681 DESCRIPTION: Flask-CORS could allow a remote attacker to...

Red Hat Enterprise Linux SEoL (8.10.x)

According to its version, Red Hat Enterprise Linux is 8.10.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL...

CVE-2024-22328

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 279950...

PT-2024-20317 · Unknown · Zentao Community Edition +2

Name of the Vulnerable Software and Affected Versions: ZenTao Community Edition versions 18.10 ZenTao Biz versions 8.10 ZenTao Max versions 4.10 Description: An arbitrary file upload issue in the /upgrade/control.php endpoint allows attackers to execute arbitrary code by uploading a crafted .txt...

CVE-2023-3385

Removed by vendor...

CVE-2023-27512

Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation...

Contec SolarView Compact 安全漏洞

Contec SolarView Compact is an application system from Contec Japan. It provides measurement system for photovoltaic power generation. A security vulnerability exists in Contec SolarView Compact SV-CPT-MC310 Ver.8.10 prior and SV-CPT-MC310F Ver.8.10 prior, which stems from the presence of an...

GitLab 8.10.x - 11.2.6, 11.3.x - 11.3.7, 11.4.x - 11.4.2 Information Disclosure Vulnerability

GitLab is prone to a cleartext storage of sensitive information vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Code injection

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

CVE-2021-27428 GE UR family Unrestricted Upload of File with Dangerous Type

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

Authorization

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359 MR3; 8.20 versions prior t...

CVE-2019-18643

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

CVE-2020-16104

SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects:...

CVE-2020-5765

Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additiona...

ICSA-20-070-04_Johnson Controls Kantech EntraPass

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Kantech, a subsidiary of Johnson Controls Equipment: EntraPass Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code...