CVE-2026-49141 WACRM Authorization Bypass via Automation Engine Endpoint

WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...

CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

Syxsense Platform: Unified Security and Endpoint Management

As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise's ability to identify devices that are accessing the network and in ensuring that those...

Johnsoncontrols Metasys Improper Restriction of XML External Entity Reference

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server ADS, ADS-Lite versions 10.1 and prior; Metasys Extended Application and...

CA Technologies Client Automation and Workload Automation AE Access Control Error Vulnerability

CA Automic Workload Automation is a suite of workload automation solutions from CA USA. The product includes features such as data-driven event automation, managed file transfer, version control and lifecycle management. An access control error vulnerability exists in CA Common Services DIA in CA...

Johnson Controls MS-NCE2510-0 Metasys NCE Controller

Binary data 764894.prm...

Ansible 2.1.4 / 2.2.1 - Command Execution Vulnerability

Exploit for linux platform in category remote exploits Computest security advisory CT-2017-0109 Summary: Command execution on Ansible controller from host Affected software: Ansible CVE: CVE-2016-9587 Reference URL: https://www.computest.nl/advisories/ CT-2017-0109Ansible.txt Affected versions:...

TestingWhiz - Codeless Software Testing Automation Tool

TestingWhiz is a test automation tool for web, database, cloud, mobile and web services/API testing from Cygnet Infotech. It has a codeless architecture based on FAST Automation Engine with 290+ readily available test commands that provide easy, intuitive and fast automation solution without...

CVE-2014-5428

Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server ADS, Extended Application and Data Server aka ADX, LonWorks Control Server 85 LCS8520, Network Automation Engine NAE 55xx-x, Network Integration...

CVE-2014-5427

CVE-2014-5427 affects Johnson Controls Metasys 4.1–6.5 (ADS, ADX, LCS8520, NAE 55xx-x, NIE 5xxx-x, NxE8500). A remote, unauthenticated attacker can read password hashes via a POST request, exposing credentials and affecting confidentiality. Connected sources indicate multiple advisories and a pat...

TestingWhiz - Test Automation Tool

TestingWhiz is a test automation tool for web, database, cloud, mobile and web services/API testing from Cygnet Infotech. It has a codeless architecture based on FAST Automation Engine with 290+ readily available test commands that provide easy, intuitive and fast automation solution without...

CVE-2012-3316

Cross-site scripting XSS vulnerability in the Tivoli Process Automation Engine TPAE in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk...

CVE-2012-3316

Technical details about CVE-2012-3316 are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, and fixes.

CVE-2012-3316

Cross-site scripting XSS vulnerability in the Tivoli Process Automation Engine TPAE in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk...