Lucene search
K

18761 matches found

Nuclei
Nuclei
added yesterday107 views

TrakSYS 11.x.x - Sensitive Data Exposure

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

6.9CVSS5.5AI score0.02053EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday63 views

Automation Anywhere Automation 360 - Server-Side Request Forgery

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. id: CVE-2024-6922 info: name: Automation Anywhere Automation 360 - Server-Side Request Forgery author: DhiyaneshDK severity: high description: | Automation Anywhere Automation 360 v21-v...

6.9CVSS6.1AI score0.30172EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday55 views

D-Link Central WifiManager - Server-Side Request Forgery

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...

8.6CVSS6.8AI score0.44101EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday87 views

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS7AI score0.37606EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday59 views

ECOA Building Automation System - Arbitrary File Retrieval

The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...

7.5CVSS7AI score0.20084EPSS
Exploits1References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42959

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS6.1AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-2398 IDOR in AdamPOS' MobilMen 20T

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS0.0025EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42620

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

3.1CVSS6AI score0.00303EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42612

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS5.9AI score0.00297EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-59207

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56826

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.61 n8n versions prior to 2.27.4 n8n versions prior to 2.28.1 Description An authenticated member with use-only editor access to a shared workflow can read credential-populated headers exposed via the $request object...

7.1CVSS6.1AI score0.00303EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 6 days ago14 views

Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.0.3 Security Update

Red Hat Edge Manager Version 1.0.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...

10CVSS6.9AI score0.01735EPSS
Exploits7References28
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid.

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid. CVE-2026-41988 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external outp...

3.2CVSS5.9AI score0.00181EPSS
Exploits1Affected Software2
NVD
NVD
added 2026/07/06 11:16 a.m.8 views

CVE-2026-6900

Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

9.1CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 10:1 a.m.17 views

CVE-2026-6901

CVE-2026-6901 affects B&R Industrial Automation GmbH APROL (pre-R 4.4-01P5). The vulnerability is described as an Untrusted Search Path issue. According to the provided metrics, the impact is high for confidentiality and integrity (CVSS v3.1: HIGH/C:H/I:H; LOCAL access, no user interaction) with ...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 9:53 a.m.15 views

CVE-2026-6900

CVE-2026-6900 affects B&R Industrial Automation GmbH APROL, with a vulnerability in improper certificate validation. The issue impacts APROL versions before R 4.4-01P5. The CVSS metrics indicate a high to critical impact depending on the vector set: CVSS 3.1 base score 7.4 (HIGH) with network acc...

9.1CVSS5.9AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:53 a.m.7 views

CVE-2026-6900

Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

9.1CVSS5.9AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 8:57 a.m.3 views

SUSE-SU-2026:2777-1 Security update for cryptsetup, s390-tools

This update for cryptsetup, s390-tools fixes the following issue Security fixes: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270185. Changes for s390-tools: - Upgrade s390-tools to version 2.41.0 jscPED-15860 - Automatically set...

9.8CVSS6.1AI score0.00298EPSS
Exploits0References6
OSV
OSV
added 2026/07/05 12:5 p.m.6 views

RLSA-2026:30845 Moderate: mod_md security update

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...

7.5CVSS5.9AI score0.00628EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 9:20 p.m.3 views

MAL-2026-6730 Malicious code in ue-automation-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbc2db9a2a365d53d76fe7ca2a8f219f98118d99b53698cf7ce8b31cf81eda3f Package name 'ue-automation-scripts' with version 99999.0.0 is the canonical dependency-confusion shape used to hijack installs on internal CI system...

6.1AI score
Exploits0References2
Rows per page
Query Builder