CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

EUVD-2026-34866

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

PT-2026-47009

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

CVE-2026-36501

An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

ABB AC500 V3 Multiple Vulnerabilities

SUMMARY ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who successfully exploited these vulnerabilities could bypass the user management and read visualization files...

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor...

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...

CVE-2025-54992

OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity XXE injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is...

CVE-2025-33079

Summary of CVE-2025-33079 (IBM Controller information disclosure) Affected products: IBM Controller: version 11.1.0 (and IBM Cognos Controller 11.0.0 – 11.0.1). Root cause / vulnerability: An authenticated user could obtain sensitive credentials that may be inadvertently included within the sourc...

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

PT-2024-34621 · Unknown · Open Floodlight Sdn Controller

Name of the Vulnerable Software and Affected Versions: Floodlight SDN OpenFlow Controller version 1.2 Description: The issue allows local hosts to construct false broadcast ports, causing inter-host communication anomalies. Recommendations: For Floodlight SDN OpenFlow Controller version 1.2,...

Tormach PathPilot Controller 安全漏洞

Tormach PathPilot Controller is a series of controllers from Tormach USA. A security vulnerability exists in Tormach PathPilot Controller version v2.9.6. An attacker has exploited the vulnerability to cause a denial of service DoS via specially crafted commands...

Pulsar Plus System Controller 跨站请求伪造漏洞

The Pulsar Plus System Controller is the Pulsar Plus family of controllers. A security vulnerability exists in ABB Pulsar Plus System Controller version NE843S, which originates from ABB Infinity DC Power Plant allowing cross-site request forgery, affecting the following products and versions:...

CVE-2020-27568

Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security...

CVE-2007-1982

Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax RSPA 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 IncludeFilePHPClass, 2 ClassPath, and 3 class parameters to a rspa/framework/Controllerv5.php, and b...