CVE-2025-64119

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

EUVD-2025-206227

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

CVE-2025-64119

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

CVE-2025-64123 Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access

Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Network Boundary Bridging.This issue affects Multi-Stack Controller MSC: through and including release 2.5.1...

CVE-2025-64119 Nuvation Energy BMS Client-side Authentication

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

CVE-2025-64119 Nuvation Energy BMS Client-side Authentication

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

PT-2026-1134

Name of the Vulnerable Software and Affected Versions Nuvation Battery Management System versions through 2.3.9 Description A flaw exists in the Nuvation Battery Management System that permits authentication bypass. This allows unauthorized access to critical battery management functions via the...

CVE-2025-8449

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network...

EnerSys AMPA 安全漏洞

EnerSys AMPA is an industrial-grade battery management system from EnerSys, Inc. designed as an intelligent monitoring platform for power equipment. A security vulnerability exists in EnerSys AMPA versions 24.04 through 24.16 that stems from a command injection issue that could lead to privileged...

EnerSys AMPA 安全漏洞

EnerSys AMPA is an industrial-grade battery management system from EnerSys, Inc. designed as an intelligent monitoring platform for power equipment. A security vulnerability exists in EnerSys AMPA version 22.09 and earlier, which stems from a command injection issue that could lead to privileged...

The vulnerability of the bq27xxx_battery_i2c_remove() function in the drivers/power/supply/bq27xxx_battery_i2c.c module of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the bq27xxxbatteryi2cremove function in the drivers/power/supply/bq27xxxbatteryi2c.c module of the Linux kernel is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the Linux operating system’s kernel supply component, which allows a hacker to cause a service failure

The vulnerability of the Linux operating system’s kernel’s supply component is related to errors in resource management in the bq27xxxbatteryi2cremove function. Exploiting this vulnerability can allow an attacker to cause a service failure...

Google Pixel 缓冲区错误漏洞

Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that stems from a heap buffer overflow in the Google BMS kernel, which may result in out-of-bounds writes...

CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

CVE-2021-22815

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2: AP9630/AP9630CH/AP9630J,...

CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

Information disclosure

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2: AP9630/AP9630CH/AP9630J,...

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

CVE-2021-22815

The CVE-2021-22815 entry covers an Information Exposure vulnerability in Schneider Electric NMC/NMC2/NMC3 embedded devices and related APC equipment. Affected products include 1-phase and 3-phase UPS with NMC2/NMC3 (AP9630/9631/9635 on NMC2; AP9640/9641/9643 on NMC3), NMC2/NMC3-based PDUs, XRDP/X...

CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...