19187 matches found
CVE-2025-37132 Authenticated Remote Code Execution Vulnerability in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write
An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to workflow-controller logging configuration with credentials in plaintext. An attacker can access sensitive credentials by reading pod logs if they have permissions to view logs in the affected...
CVE-2025-62157
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
CVE-2025-62157
CVE-2025-62157 affects Argo Workflows. Vulnerable in versions prior to 3.6.12 and 3.7.0–3.7.2, where artifact repository credentials are exposed in plaintext in workflow-controller logs. An attacker with pod-log access in a namespace running Argo Workflows can read these credentials. Remediation:...
CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
EUVD-2011-5261
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...
CVE-2025-41699 Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code 'Code Injection'...
PT-2025-41985
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
PT-2025-41893
Name of the Vulnerable Software and Affected Versions Studio 5000 Logix Designer affected versions not specified Description A security issue exists that can lead to a denial-of-service condition. This is caused by providing invalid values to Component Object Model COM methods. The vulnerability...
Creativeitem Academy LMS 安全漏洞
Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from a lack of role validation in the Apiinstructor controller, which could lead to elevation of privile...
PT-2025-41981
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...
Rockwell Automation ArmorStart AOP 安全漏洞
Rockwell Automation ArmorStart AOP is a distributed motor controller from Rockwell Automation. The Rockwell Automation ArmorStart AOP suffers from a denial of service vulnerability that originates from entering an invalid value into a COM method, which can be exploited by an attacker to cause a...
PT-2025-41980
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...
Argo Workflows 安全漏洞
Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2, which stems from workflow-controller pod logs exposing workware repository credentia...
PT-2025-41988
Name of the Vulnerable Software and Affected Versions AOS-10 GW affected versions not specified AOS-8 Controller/Mobility Conductor affected versions not specified Description An issue exists in a low-level interface library that could allow an authenticated malicious actor to download arbitrary...
PT-2025-41978
Name of the Vulnerable Software and Affected Versions AOS-8 Controller/Mobility Conductor affected versions not specified Description An authenticated command injection flaw exists in the CLI binary of the AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow a...
PT-2025-41934
Name of the Vulnerable Software and Affected Versions Creativeitem Academy LMS versions up to and including 5.13 Description A privilege escalation issue exists in the Api instructor controller. Authenticated users without the necessary permissions can access functions intended only for...
PT-2025-41984
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
PT-2025-41977
Name of the Vulnerable Software and Affected Versions AOS-8 Controller/Mobility Conductor affected versions not specified Description An authenticated command injection flaw exists in the Command Line Interface CLI binary. Exploitation allows an attacker with valid credentials to execute arbitrar...