18791 matches found
TrakSYS 11.x.x - Sensitive Data Exposure
A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...
Automation Anywhere Automation 360 - Server-Side Request Forgery
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. id: CVE-2024-6922 info: name: Automation Anywhere Automation 360 - Server-Side Request Forgery author: DhiyaneshDK severity: high description: | Automation Anywhere Automation 360 v21-v...
D-Link Central WifiManager - Server-Side Request Forgery
D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...
CVE-2026-9810
The CVE-2026-9810 entry concerns the AI Copilot WordPress plugin prior to version 1.5.4. The root cause is that the plugin does not bind OAuth access tokens to a WordPress user, allowing any valid token to be treated as an administrator session. Consequently, unauthenticated attackers completing ...
ECOA Building Automation System - Arbitrary File Retrieval
The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...
CVE-2026-54568
Microsoft UFO open-source framework for intelligent automation across devices and platforms. From 3.0.0 until 3.0.6, a client connected to the UFO WebSocket server as a DEVICE could call DEVICEINFOREQUEST with another device's targetid and receive that device's server-side systeminfo through...
Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.1.3 Security Update
Red Hat Edge Manager Version 1.1.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...
RHEL 10 / 9 : Red Hat Edge Manager Version 1.1.3 Security Update (Important) (RHSA-2026:41019)
The remote Redhat Enterprise Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:41019 advisory. Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports...
Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.1.3 Security Update
Red Hat Edge Manager Version 1.1.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...
CVE-2026-12659
The CVE-2026-12659 issue affects Rockwell Automation’s Flex 5000® Adapter. It is a denial-of-service vulnerability caused by improper handling of exceptional conditions when processing crafted CIP packets sent to the adapter. The impact is a loss of availability in the affected module and I/O, wi...
CVE-2026-9636
CVE-2026-9636 affects Rockwell CompactLogix 5380, ControlLogix 5580, and EN4 communications modules. The issue is in CIP Security certificate revocation handling: the controller may fail to reject certificates signed by intermediates that have been revoked via a CRL, potentially allowing a networ...
CVE-2026-10577
The CVE-2026-10577 entry concerns the 1715-AENTR EtherNet/IP Adapter, where a network-accessible debug port does not enforce proper privilege controls. This allows unauthenticated remote access to destructive CLI commands, potentially enabling read/delete of files, stopping tasks, memory modifica...
CVE-2026-2398 IDOR in AdamPOS' MobilMen 20T
Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
EUVD-2026-42959
Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
EUVD-2026-42620
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...
EUVD-2026-42612
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...
CVE-2026-59207
n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...
PT-2026-56826
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.61 n8n versions prior to 2.27.4 n8n versions prior to 2.28.1 Description An authenticated member with use-only editor access to a shared workflow can read credential-populated headers exposed via the $request object...
Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.0.3 Security Update
Red Hat Edge Manager Version 1.0.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...