Harmony
This hub aggregates every CVE we track for Harmony, a product in the ICS/OT/IoT space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 5
- Critical: 3
- High: 1
- In CISA KEV: 2
Severity distribution
- Critical: 3
- High: 1
- Medium: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 5 most recently published vulnerabilities affecting Harmony.
- CVE-2025-56385: A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not pr... (CVSS 9.8)
- CVE-2024-55956: In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by le... (KEV, CVSS 9.8)
- CVE-2024-50623: In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. (KEV, CVSS 9.8)
- CVE-2021-29241: CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). (CVSS 7.5)
- CVE-2013-7372: The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apach... (CVSS 5.0)
Product normalization is registry-driven with AI assist and human review.