CVE-2026-24457

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved...

CVE-2026-24457

CVE-2026-24457: OpenMQ unsafe parsing of configuration allows a remote attacker to read arbitrary files on the MQ Broker server, potentially reading host OS files. In some scenarios, RCE could be achieved. Metrics indicate CVSS v3.1 base score 9.1 (CRITICAL) with NETWORK attack vector, LOW attack...

CVE-2026-24457

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved...

CVE-2026-24457

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved...

PT-2026-23475

Name of the Vulnerable Software and Affected Versions OpenMQ affected versions not specified Description An unsafe parsing of OpenMQ’s configuration allows a remote attacker to read arbitrary files from a MQ Broker’s server. Full exploitation could lead to reading unauthorized files from the Open...

CVE-2025-47378

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain...

CVE-2025-47378

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain...

EUVD-2025-208187

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain...

PT-2026-5674

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input...

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility (ICU) on Windows is affected by a stack-based buffer overflow in ICU versions up to and including 6.9.7 (prior to 6.9.8). Successful exploitation could cause the host OS to fail, per NVD/Red Hat/Nessus/ICS advisories. A fixed version, ICU 6.9.8, is ref...

EUVD-2025-206488

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVE-2025-26386 Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

PT-2026-5091

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

USN-7860-4: Linux kernel (Real-time) vulnerability

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7860-3 linux-fips, linux-aws-fips, inux-gcp-fips vulnerability

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

CVE-2025-36367

IBM i versions 7.2–7.6 are affected by CVE-2025-36367 due to an invalid IBM i SQL services authorization check, allowing a malicious actor to escalate privileges to root on the host OS. Affected products/versions: IBM i 7.6, 7.5, 7.4, 7.3, 7.2. Underlying cause: missing authorization check in IBM...

EUVD-2025-37213

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...