29 matches found
EUVD-2026-16575
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...
PT-2026-28634
Name of the Vulnerable Software and Affected Versions Thales Sentinel LDK Runtime versions prior to 10.22 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. This means that malicious scripts can...
CVE-2026-30952
liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...
CVE-2026-30957 OneUptime Synthetic Monitor RCE via exposed Playwright browser object
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...
CVE-2026-29787
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...
CVE-2026-29787 mcp-memory-service: System Information Disclosure via Health Endpoint
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...
CVE-2026-21660
Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...
CVE-2026-21656
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21654
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...
CVE-2026-21659
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion LFI vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects...
CVE-2026-21654
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...
CVE-2026-21656
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21656
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21659 Johnson Controls -Frick Quantum HD-Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion LFI vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects...
CVE-2026-21659
The CVE-2026-21659 entry describes an unauthenticated Remote Code Execution and Information Disclosure due to a Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD (versions prior to 10.22). Affected component is the Frick Quantum HD system; root cause is LFI le...
CVE-2026-21658
Johnson Controls Frick Controls Quantum HD is affected by CVE-2026-21658, an unauthenticated remote code execution (code injection) vulnerability caused by insufficient validation of input parameters. The issue allows code execution before authentication, impacting Quantum HD versions up to 10.22...
CVE-2026-21657 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21657
CVE-2026-21657 : Johnson Controls Frick Controls Quantum HD (versions 10.22 and earlier) contains an unauthenticated code injection flaw due to insufficient input validation in certain parameters, enabling code generation/execution before authentication. Multiple sources (NVD/Red Hat/EUVD/NVD eco...
CVE-2026-21654
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...
CVE-2026-21654
CVE-2026-21654 affects Johnson Controls Frick Controls Quantum HD (versions up to 10.22). Root cause: improper neutralization/validation of input leading to OS Command Injection. Impact: pre-authentication remote code execution and potential full device compromise; affected components/parameters ...