16 matches found
EUVD-2026-32423
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
Juju: CloudSpec method leaking cloud credentials
Impact: If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...
CVE-2025-36102
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...
CVE-2025-36017
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user...
PT-2025-49600
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user...
EUVD-2020-8063
Malware in sbrugna...
CVE-2024-36408
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
PT-2025-1040 · IBM · IBM Cognos Controller +1
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1; IBM Controller version 11.1.0. Description: The issue is related to the error reporting mechanism in IBM Cognos Controller and IBM Controller, which could allow a remote attacker to obtain...
PT-2024-19380 · Gallagher · Gallagher Controller 6000 +1
Name of the Vulnerable Software and Affected Versions: Gallagher Controller 6000 and 7000 versions 8.60 and prior; Gallagher Controller 6000 and 7000 versions 8.70 prior to vCR8.70.240520a; Gallagher Controller 6000 and 7000 versions 8.80 prior to vCR8.80.240520a; Gallagher Controller 6000 and 7000...
CVE-2020-4874
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837...
CVE-2023-22645
CVE-2023-22645 (SUSE kubewarden): An improper privilege management flaw in the kubewarden-controller allows an attacker with access to the controller’s ServiceAccount to read arbitrary secrets, potentially exfiltrating secret tokens from the cluster. Affected product/component: SUSE kubewarden ku...
CVE-2022-23236
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users...
PT-2022-16897 · Unknown +1 · Kustomize-Controller +2
Name of the Vulnerable Software and Affected Versions: Flux2 versions 0.1.0 through 0.29.0; helm-controller versions 0.1.0 through 0.19.0; kustomize-controller versions 0.1.0 through 0.23.0. Description: The issue concerns code injection via malicious Kubeconfig files, potentially leading to privile...
CVE-2020-16097
On controllers running versions of v8.20 prior to vCR8.20.200221b distributed in v8.20.1093MR2, v8.10 prior to vGR8.10.179 distributed in v8.10.1211MR5, v8.00 prior to vGR8.00.165 distributed in v8.00.1228MR6, v7.90 prior to vGR7.90.165 distributed in v7.90.1038MRX, v7.80 or earlier, it is possib...
CVE-2020-5901
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross-Site Scripting (XSS) attack. If the victim user is logged in as admin, this could result in a complete compromise of the system...
Improper access control
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...