Credential disclosure in the Brightpick Mission Control web application allows anyone able to retrieve the application's client-side JavaScript bundle to extract hardcoded credentials embedded in that code. Because the secrets ship to the browser, any user or adjacent-network actor who loads the front-end can recover them and potentially authenticate to back-end services in this warehouse-automation/ICS-OT product. Reported by CISA ICS-CERT (ICSA-25-317-04); no public exploit has been identified and EPSS exploitation probability is very low (0.06%, 17th percentile).
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta.cgi. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.
The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.