Malicious code in @aspect-security/argon2 (npm)

The package performs data exfiltration, arbitrary command execution in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b426577fc5361773d25297fdb9fce28835e15d9ab86909c6652f5c1b71c4e543 The package @aspect-security/argon2 was found to contain...

CVE-2024-13950

Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVE-2025-30173

File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVE-2024-13957 SSRF Server Side Request Forgery

SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVE-2024-13951 One way hash with predictable salt

One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVE-2025-2410

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVE-2024-13928

SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVE-2025-30170 Admin Authorized Exposure of file path, file size or file existence

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through...

CVE-2025-2410 Admin Authorized Port (iptables) manipulation (open/close/disable ports)

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

ABB Cylon Aspect 3.08.03 Hardcoded Secrets Vulnerability

ABB Cylon Aspect version 3.08.03 contains multiple instances of hardcoded credentials, including usernames, passwords, and encryption keys embedded in various java classes. This practice poses significant security risks, allowing attackers to gain unauthorized access and compromise the system's...

ABB ASPECT 安全漏洞

ABB ASPECT is a scalable building energy management and control solution from ABB Switzerland. ABB ASPECT has a security vulnerability that stems from the inclusion of a Use Default Credentials vulnerability...