Lucene search
K

16 matches found

EUVD
EUVD
added 2026/03/27 9:31 a.m.4 views

EUVD-2026-16575

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...

8.3CVSS5.9AI score0.00137EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.7 views

PT-2026-28634

Name of the Vulnerable Software and Affected Versions Thales Sentinel LDK Runtime versions prior to 10.22 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. This means that malicious scripts can...

8.3CVSS5.9AI score0.00137EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.6 views

CVE-2026-21660

Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...

9.8CVSS5.9AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.4 views

CVE-2026-21656

Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...

9.8CVSS6AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.5 views

CVE-2026-21654

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...

9.8CVSS5.9AI score0.01506EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.6 views

CVE-2026-21659

Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion LFI vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects...

9.8CVSS6.4AI score0.00909EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 9:16 a.m.3 views

CVE-2026-21656

Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...

9.8CVSS5.8AI score0.00392EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 9:16 a.m.10 views

CVE-2026-21654

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...

9.8CVSS0.01506EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 9:16 a.m.8 views

CVE-2026-21656

Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...

9.8CVSS0.00392EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 9:8 a.m.29 views

CVE-2026-21659

The CVE-2026-21659 entry describes an unauthenticated Remote Code Execution and Information Disclosure due to a Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD (versions prior to 10.22). Affected component is the Frick Quantum HD system; root cause is LFI le...

9.8CVSS6.3AI score0.00909EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 9:8 a.m.4 views

CVE-2026-21659 Johnson Controls -Frick Quantum HD-Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion

Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion LFI vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects...

8.7CVSS6.1AI score0.00909EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 8:59 a.m.18 views

CVE-2026-21658

Johnson Controls Frick Controls Quantum HD is affected by CVE-2026-21658, an unauthenticated remote code execution (code injection) vulnerability caused by insufficient validation of input parameters. The issue allows code execution before authentication, impacting Quantum HD versions up to 10.22...

9.8CVSS6AI score0.00626EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 8:54 a.m.4 views

CVE-2026-21657 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...

8.8CVSS5.8AI score0.00392EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 8:54 a.m.14 views

CVE-2026-21657

CVE-2026-21657 : Johnson Controls Frick Controls Quantum HD (versions 10.22 and earlier) contains an unauthenticated code injection flaw due to insufficient input validation in certain parameters, enabling code generation/execution before authentication. Multiple sources (NVD/Red Hat/EUVD/NVD eco...

9.8CVSS6AI score0.00392EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/27 8:38 a.m.7 views

CVE-2026-21654

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...

9.8CVSS5.9AI score0.01506EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/27 8:38 a.m.14 views

CVE-2026-21654

CVE-2026-21654 affects Johnson Controls Frick Controls Quantum HD (versions up to 10.22). Root cause: improper neutralization/validation of input leading to OS Command Injection. Impact: pre-authentication remote code execution and potential full device compromise; affected components/parameters ...

9.8CVSS5.9AI score0.01506EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder