Lucene search
K

60 matches found

Nuclei
Nuclei
added 2026/06/25 5:45 a.m.20 views

ThinkPHP < 3.2.4 - Remote Code Execution

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via the s parameter in index.php through the invokefunction functionality. id: CVE-2019-9082 info: name: ThinkPHP 3.2.4 - Remote Code Execution author: 0xanis severity: high description: |...

9.3CVSS7.5AI score0.97419EPSS
Exploits8References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: power: supply: In the pm8916bmsvm module, there was a use-after-free issue in the powersupplychanged function. The use of the devm variant for requesting IRQs before using the devm variant for allocating/registering the powersupp...

7.8CVSS5.8AI score0.00159EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 3:33 p.m.14 views

EUVD-2026-32348

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916bmsvm: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

5.8AI score0.00159EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 12:16 p.m.44 views

CVE-2026-45882 power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916bmsvm: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

0.00159EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 12:16 p.m.38 views

CVE-2026-45882

The CVE-2026-45882 issue affects the Linux kernel power supply subsystem, specifically the pm8916_bms_vm driver. A race condition arises from using devm_ variants for IRQ requests before the power_supply handle is registered, causing the handle to be deallocated/unregistered before the IRQ handle...

7.8CVSS5.8AI score0.00159EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24600

Name of the Vulnerable Software and Affected Versions Honeywell IQ4x building management controller affected versions not specified Description The Honeywell IQ4x building management controller exposes its full web-based Human Machine Interface HMI without authentication in its factory-default...

10CVSS5.9AI score0.05585EPSS
Exploits1References12
ICS
ICS
added 2026/03/10 6:0 a.m.9 views

Honeywell IQ4 Series BMS Controller (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker to access controller management settings, control components, disclose information, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

10CVSS5.8AI score0.05585EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-25319

Malicious code in bioql PyPI...

6.7CVSS6.7AI score0.00097EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 2:15 p.m.4 views

CVE-2025-8449

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network...

4.1CVSS0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:8 a.m.3 views

CVE-2023-21151

In the Google BMS kernel module, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

6.7CVSS6.9AI score0.00097EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.277 views

ABB Cylon Aspect 3.08.01 caldavUpload.php Funkalicious Exploit

Yo, check it - the ABB BMS/BAS system's got a slick little weakness in them caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files. All you gotta do is drop that skipChecksum beat in the POST vibe, and bam, the system skips all that MD5 checksum nonsense, no EXPERTMODE needed to...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/30 12:0 a.m.323 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Reflected XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy manageme...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/30 12:0 a.m.202 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure

ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/30 12:0 a.m.228 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service

ABB Cylon Aspect 3.08.01 jsonProxy.php Denial of Service Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and contr...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/30 12:0 a.m.266 views

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Username Enumeration

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerabl...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/11 12:0 a.m.360 views

ABB Cylon Aspect 3.07.02 user.properties Default Credentials

ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management and...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/10/11 12:0 a.m.207 views

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vulnerability

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper...

7.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/11 12:0 a.m.400 views

ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller uses a weak set of default administrative...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/10 12:0 a.m.243 views

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/07 12:0 a.m.338 views

ABB Cylon Aspect 3.08.00 (syslogSwitch.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1AI score
Exploits0
Rows per page
Query Builder