7
CVE-2025-10021 -
A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across translation uni…
7.2
CVE-2025-61740 - Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.
7.2
CVE-2025-26379 - Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Rand…
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.
7.3
CVE-2025-14018 - Unquoted Service Path in NetBT Consultancy's e-Fatura
Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries.This issue affects e-Fatura: before 1.2.15.
7.2
CVE-2025-14273 - Mattermost Jira plugin user spoofing enables Jira request forgery.
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who kno…
6.8
CVE-2025-54890 - A user with elevated privileges can inject XSS in the Hostgroups configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0…
7.2
CVE-2025-12514 - A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notific…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This issue affects Infra Monitor…
6.8
CVE-2025-8460 - A user with elevated privileges can inject XSS in the Notification rules configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, …
7.2
CVE-2025-61739 - Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.
2.3
CVE-2025-61738 - Johnson Controls PowerG and IQPanel cleartext transmission of sensitive information
Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network.