8.3
CVE-2025-9317 - AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm
The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.
8.2
CVE-2025-64309 - Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.
8.7
CVE-2025-64308 - Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.
7.1
CVE-2025-64307 - Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totโฆ
8.7
CVE-2025-62765 - General Industrial Controls Lynx+ Gateway Cleartext Transmission of Sensitive Information
General Industrial Controls Lynx+ Gatewayย is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.
8.7
CVE-2025-59780 - General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function
General Industrial Controls Lynx+ Gatewayย is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information.
9.2
CVE-2025-58083 - General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function
General Industrial Controls Lynx+ Gatewayย is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
8.8
CVE-2025-55034 - General Industrial Controls Lynx+ Gateway Weak Password Requirements
General Industrial Controls Lynx+ Gatewayย is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.
8.7
CVE-2021-4469 - Denver SHO-110 IP Camera Unauthenticated Snapshot Access
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directโฆ
8.7
CVE-2021-4466 - IPCop <= 2.1.9 Authenticated RCE
IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAIL_PW parameter, directly into system-level operations without propโฆ