A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.

An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.

A denial-of-service security issue exists in the affected product and version. The security issue stems from the controller repeatedly attempting to forward messages. The issue could result in a major nonrecoverable fault on the controller.

A code execution security issue exists in the affected product. An attacker with physical access could abuse the maintenance menu of the controller with a crafted payload. The security issue can result in arbitrary code execution.

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability.

A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.

A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its own dedicated datab…

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in…

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and add monitor parsed by xml, returned special content can trigger the XML parsing vulnerability. This issue affects Apache HertzBea…

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.