176 matches found
CVE-2024-35295
A vulnerability has been identified in Perfect Harmony GH180 All versions = V8.0 V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025. The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an...
Tinxy WiFi Lock Controller v1 RF Access Control Error Vulnerability
Tinxy WiFi Lock Controller v1 RF is a smart door lock from Tinxy. A security vulnerability exists in the Tinxy WiFi Lock Controller v1 RF, which originates from being configured for an open Wi-Fi network and could lead to unauthenticated network access...
CVE-2024-41146
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, requiring a device reboot to resolve. Thi...
CVE-2024-31216
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
CVE-2023-6533
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and...
CVE-2023-28648
In Osprey Pump Controller version 1.01, inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed...
CVE-2020-5909
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified...
CVE-2020-5864
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skips TLS verification by default...
CVE-2020-3966
VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.2, and Fusion 11.x before 11.5.2 contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local...
CVE-2025-20190
A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby...
PT-2025-15700 · Unknown · Horvey Library-Manager
Name of the Vulnerable Software and Affected Versions: horvey Library-Manager version 1.0. Description: The issue concerns SQL Injection in the Admin/Controller/BookController.class.php file. No information is provided about the estimated number of potentially affected devices or real-world...
CVE-2022-39163
CVE-2022-39163 (IBM Cognos Controller) affects IBM Cognos Controller 11.0.0–11.1.0 and IBM Controller 11.1.0, due to a Client-Side Desync (CSD) attack that could desynchronize a browser connection and enable cross-site scripting (XSS). The documented impact is limited to potential XSS via a desyn...
PT-2025-9179 · Ibm · Ibm Controller
Name of the Vulnerable Software and Affected Versions: IBM Controller versions 11.0.0 through 11.0.1; IBM Controller version 11.1.0. Description: The issue makes it easier for attackers to compromise user accounts because it does not require strong passwords by default. Recommendations: For IBM...
The vulnerability of software solutions that support the process of closing, consolidating, and generating reports for IBM Cognos Controller and IBM Controller lies in the improper restriction on XML links to external objects. This allows attackers to carry out XXE attacks.
The vulnerability of software solutions that support the process of closing, consolidating, and generating reports for IBM Cognos Controller and IBM Controller is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow attackers to perform XXE...
CVE-2022-21382
Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: WebUI). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise...
CVE-2024-29838
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not properly sanitize user input, allowing for an unauthenticated attacker to crash the controller software...
CVE-2018-25108 WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption
An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption...
CVE-2024-50603
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for...
IBM Cognos Controller and IBM Controller Security Vulnerability
IBM Cognos Controller and IBM Controller are both products of International Business Machines (IBM). IBM Cognos Controller is a business intelligence and planning solution. The product features process automation, financial audit control, and the creation and management of financial reports. IBM...