PaperCut MF/NG contains an improper access control vulnerability that can allow an authentication bypass and code execution in the context of a system.

Sources: CISA, NIST

MinIO contains an information disclosure vulnerability that can lead to the disclosure of sensitive data and information.

Sources: CISA, NIST

Drupal Core contains an access bypass vulnerability that can allow an attacker to take control of an affected system.

Sources: CISA, Drupal

INEA ME RTU contains an OS command injection vulnerability that can allow remote code execution.

Sources: CISA, INEA

Omron CS/CJ Series contains a missing authentication for critical function vulnerability that can allow an attacker to access sensitive information in the file system and memory.

Sources: CISA, Omron

Schneider Electric Easy UPS online monitoring software contains missing authentication for critical function and improper handling of case sensitivity vulnerabilities that can result in remote code execution, escalation of privileges or authentication bypass.

Sources: CISA, Schneider Electric

Mitsubishi Electric MELSEC iQ-F, iQ-R Series contains a predictable seed in pseudo-random number generator vulnerability that can allow an attacker to access the WEB server function by guessing the random numbers used for authentication.

Sources: CISA, Mitsubishi Electric

Omron PLC CJ and CS Series contains authentication bypass by spoofing, authentication bypass by capture-replay and unrestricted externally accessible lock vulnerabilities that can allow an attacker to pose as an authorized user to obtain the status information of the PLC.

Sources: CISA, Omron