Sick Security Vulnerabilities (CVEs)

This vulnerability allows attackers to steal authentication tokens when they are passed in URL query parameters, potentially enabling session hijackin...

This vulnerability allows unauthenticated attackers to view detailed information about all software components, versions, and licenses used by the app...

This CVE describes an information disclosure vulnerability where error messages reveal internal system details like file paths, database errors, or so...

This vulnerability affects devices where passwords are stored without proper salting, allowing attackers to more easily extract and crack passwords th...

This vulnerability allows attackers to inject malicious scripts via URL parameters, which execute in authenticated users' browsers. This can lead to s...

This vulnerability allows attackers with limited permissions to write files to specific locations on affected devices, potentially enabling system man...

CVE-2026-22915 allows attackers with low privileges to read files from specific directories on affected devices, potentially exposing sensitive inform...

This vulnerability allows low-privileged attackers to trigger critical system functions like reboot or factory reset without proper authorization. It ...

This vulnerability involves improper input handling in a system endpoint that allows attackers to send crafted requests to overload resources, causing...

This CVE describes a clickjacking vulnerability where attackers can trick users into performing unintended actions on web interfaces, potentially lead...

This vulnerability allows attackers with administrative access to inject malicious scripts into the login page, enabling cross-site scripting (XSS) at...

This vulnerability allows unauthorized access to system functions that control installed applications. Attackers can start, stop, or delete applicatio...

This vulnerability allows attackers to gain unauthorized access to affected devices by using weak, publicly known default passwords on hidden user acc...

This vulnerability exposes password hashes for system accounts within firmware update files. Remote attackers could recover credentials and gain unaut...

This vulnerability allows attackers to redirect authenticated users to malicious websites through improper validation of a login parameter. It affects...

This vulnerability allows an attacker to crash the UpdateService by tampering with the C++ CLI client during file transfers, disrupting update functio...

This vulnerability allows attackers to cause chunk-size mismatches during file transfers, blocking current transfers and preventing subsequent ones. I...

An attacker with SSH access to an unprivileged account can disrupt services including SSH itself, causing persistent denial of service. This affects s...

This vulnerability affects systems deployed with default configurations that don't follow security best practices for access restrictions. It allows u...

This vulnerability allows remote attackers to brute-force directory and file paths to access sensitive information like private keys and configuration...

This vulnerability allows attackers to use stored user credentials from the local database to gain unauthorized access to affected systems. It affects...

This vulnerability exposes authentication credentials transmitted via URL parameters, which can be unintentionally stored in server logs, browser hist...

This vulnerability allows attackers to enumerate valid usernames by observing different error messages for incorrect passwords versus non-existent use...

This vulnerability allows attackers to perform brute-force attacks against authentication systems by attempting multiple login attempts without rate l...

This vulnerability allows attackers to brute-force directory and file paths, potentially exposing sensitive information stored in accessible locations...

This vulnerability allows unauthenticated attackers to query an endpoint without proper authentication, enabling user enumeration attacks. It affects ...

This vulnerability allows attackers to create arbitrary log entries via an unvalidated API endpoint. Attackers can falsify or dilute logs, compromisin...

This vulnerability allows attackers to send excessively large payloads during failed login attempts, which are then logged without validation. This co...

This vulnerability allows attackers to modify unsigned backup ZIP files and re-upload them to disrupt application functionality. Attackers can reconfi...

This clickjacking vulnerability allows attackers to embed the vulnerable web application in an invisible frame and trick users into clicking malicious...

This vulnerability allows attackers to intercept unencrypted network traffic and steal authentication credentials from affected servers. It affects sy...

This vulnerability involves a service supporting deprecated and unsafe TLS versions, potentially allowing attackers to intercept or manipulate sensiti...

This vulnerability involves a session cookie named '@@' being configured without the HttpOnly flag, making it accessible to client-side scripts. This ...

This vulnerability allows attackers to enumerate valid usernames by observing different error messages for incorrect passwords versus non-existent use...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in SICK industrial automation products. An attacker can exploit an endpoint to m...

This vulnerability allows unauthorized users to access sensitive information via HTTP GET requests and modify critical service configurations via HTTP...

This vulnerability exposes REST API communications to interception by using unencrypted HTTP instead of HTTPS. Attackers can eavesdrop on traffic betw...

This cross-site scripting (XSS) vulnerability allows attackers who can create dashboard widgets to inject malicious JavaScript into Transform Function...

This vulnerability allows unauthenticated remote attackers to bypass authentication on SICK Flexi Soft Gateways by capturing and replaying authenticat...

This is a cross-site scripting (XSS) vulnerability in SICK APU's RDT400 component that allows an unprivileged remote attacker to inject malicious scri...

This vulnerability allows unauthenticated remote attackers to download and upload arbitrary files via anonymous FTP access to SICK APU devices. It aff...

CVE-2023-43700 is a missing authorization vulnerability in SICK APU's RDT400 component that allows unauthenticated remote attackers to modify data via...

CVE-2023-3270 is an information disclosure vulnerability in the SICK ICR890-4 industrial camera system, allowing unauthenticated remote attackers to a...

This vulnerability in SICK ICR890-4 industrial cameras allows attackers to intercept unencrypted network traffic containing sensitive information. Any...

Unauthenticated HTTP endpoints in SICK ICR890-4 industrial cameras allow remote attackers to retrieve sensitive device information without credentials...

This vulnerability allows unprivileged remote attackers to download files from SICK FTMg AIR FLOW SENSOR devices via the REST interface using low-priv...