Lucene search
K

36 matches found

NVD
NVD
added 2026/07/01 8:16 a.m.7 views

CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

8.9CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 8:16 a.m.18 views

CVE-2026-10539

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

9.5CVSS0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 7:56 a.m.8 views

EUVD-2026-40926

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

8.9CVSS5.8AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 7:55 a.m.7 views

EUVD-2026-40925

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:55 a.m.38 views

CVE-2026-10539 Unauthenticated command injection in Control-M/Server communication command

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

9.5CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:55 a.m.28 views

CVE-2026-10539

The vulnerability CVE-2026-10539 affects Control-M/Server versions 9.0.20.x through 9.0.21.200 (and potentially earlier unsupported versions). It is caused by insufficient filtering/sanitization of user-supplied input in a Control-M/Server communication command, which could allow an unauthenticat...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0295

Malware in sbrugna...

5.4CVSS5.5AI score0.00606EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-0260

Malware in sbrugna...

6.5CVSS6.5AI score0.01333EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29568

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00362EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/09 12:23 a.m.21 views

CVE-2025-48709

An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbuconnectiondetails.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process...

7.8CVSS6.8AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2025/08/07 8:15 p.m.5 views

CVE-2025-48709

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

7.8CVSS5.8AI score0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/07 12:0 a.m.6 views

CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

4.8CVSS6.4AI score0.00122EPSS
Exploits0References1
Hacker One
Hacker One
added 2020/08/05 8:11 a.m.19 views

Node.js third-party modules: [m-server] XSS reflected because path does not escapeHtml

I would like to report XSS in m-server It allows attacker can perform XSS in client side Module module name: m-server version: 1.4.2 npm page: https://www.npmjs.com/package/m-server Module Description M-Server is a mini http static server that without any dependencies; Module Stats 1 weekly...

0.2AI score
Exploits0
CNVD
CNVD
added 2020/05/06 12:0 a.m.4 views

BMC Control-M/Agent Arbitrary File Download Vulnerability

Control-M is one of BMC's most important automation control products, and is the world's leading integrated business scheduling solution for cross-platform and cross-application job scheduling. A security vulnerability exists in BMC Control-M/Agent and Control-M/Server communication when using th...

7.5CVSS7.1AI score0.01052EPSS
Exploits0References1
OSV
OSV
added 2019/06/11 4:16 p.m.10 views

GHSA-VC6R-4X6G-MMQC Path Traversal in m-server

Versions of m-server before 1.4.2 are vulnerable to path traversal allowing a remote attacker to display content of arbitrary files from the server. Recommendation Update to version 1.4.2 or later...

7.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2019/06/11 4:16 p.m.16 views

Path Traversal in m-server

Versions of m-server before 1.4.2 are vulnerable to path traversal allowing a remote attacker to display content of arbitrary files from the server. Recommendation Update to version 1.4.2 or later...

5.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2019/02/18 11:58 p.m.23 views

GHSA-899G-6Q6W-7V94 m-server Vulnerable to Directory Traversal

Path Traversal vulnerability in module m-server 1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request...

6.5CVSS6.3AI score0.01333EPSS
Exploits1References3
OSV
OSV
added 2019/02/07 6:16 p.m.18 views

GHSA-GMXV-XF2Q-6J8M Cross-Site Scripting in m-server

Versions of m-server before 1.4.2 are vulnerable to stored cross-site scripting. This vulnerability is exploitable if an attacker is able to control the name of a file that m-server is serving. Recommendation Update to version 1.4.2 or later...

5.4CVSS5.1AI score0.00606EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2019/02/07 6:16 p.m.39 views

Cross-Site Scripting in m-server

Versions of m-server before 1.4.2 are vulnerable to stored cross-site scripting. This vulnerability is exploitable if an attacker is able to control the name of a file that m-server is serving. Recommendation Update to version 1.4.2 or later...

5.4CVSS3.2AI score0.00606EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2019/02/02 12:0 a.m.2 views

M-Server Path Traversal Vulnerability

m-server is a small http static server . M-Server suffers from a path traversal vulnerability that arises from a failure of a network system or product to properly filter special elements in the path of a resource or file. An attacker could use this vulnerability to access locations outside of a...

6.5CVSS6.9AI score0.01333EPSS
Exploits1References1
Rows per page
Query Builder