9.5
CVE-2025-55113 - BMC Control-M/Agent unescaped NULL byte in access control list checks
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stoβ¦
7.6
CVE-2025-55112 - BMC Control-M/Agent hardcoded Blowfish keys
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between thβ¦
5.1
CVE-2025-10546 - Cross-Site Scripting (XSS) Vulnerability in PPC XPON ONT Wi-Fi Router
This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vulnerable parameter, leading to a reflected Cβ¦
5.7
CVE-2025-55111 - BMC Control-M/Agent insecure default file permissions
Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating toβ¦
5.7
CVE-2025-55110 - BMC Control-M/Agent hardcoded default keystore password
Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.
9.5
CVE-2025-55109 - BMC Control-M/Agent default SSL/TLS configuration authenticated bypass
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certifiβ¦
9.6
CVE-2025-7743 - Sensitive Data Exposure in Dolusoft's Omaspot
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.This issue affects Omaspot: before 12.09.2025.
9.8
CVE-2025-7744 - SQLi in Dolusoft's Omaspot
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection.This issue affects Omaspot: before 12.09.2025.
5.4
CVE-2025-6575 - XSS in Dolusoft's Omaspot
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dolusoft Omaspot allows Reflected XSS.This issue affects Omaspot: before 12.09.2025.
8.8
CVE-2024-12913 - SQLi in Megatek Communication System's Azora Wireless Network Management
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection.This issue affects Azora Wireless Network Management: through 20250916.Β NOTE: The vendor did not inform about tβ¦