Posted by Thomas Weber | CyberDanube via Fulldisclosure on May 31

CyberDanube Security Research 20260528-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Mennekes Amtron Series and Smart-T PnC
vulnerable version| 5.22.3
fixed version| 5.33.11-21500
CVE number| CVE-2026-8979, CVE-2026-8980
impact| High
homepage| https://www.mennekes.at/
found|...

Posted by binreaper via Fulldisclosure on May 31

Hi all,

Posting a brief summary of a four-finding disclosure on bmcweb (the OpenBMC HTTP/Redfish web server), which ships in
BMC firmware on most modern enterprise servers — Intel, IBM, HPE, NVIDIA, and various ODMs.

Full timeline and analysis on the blog:

https://binreaper.pages.dev/posts/2026-05-27-bmcweb-disclosure/

## Why bmcweb matters

A Baseboard Management Controller boots before the host CPU, has full control over the server...

Notepad++ 8.9.6 - Arbitrary Code Execution

YAMCS yamcs-core 5.12.7 - No Rate Limiting

YAMCS yamcs-core 5.12.7 - User Enumeration

YAMCS yamcs-core 5.12.7 - LDAP Injection

Microsoft - NTLMv2 Hash Capture

MikroORM 7.0.13 - SQL Injection

Prodigy Commerce 3.3.0 - Local File Inclusion

Langflow 1.3.0 - Remote Code Execution

Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution

ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion

ZTE Routers - Unauthenticated Denial of Service

ZTE ZXHN H188A V6 - Authentication Bypass

ZTE H298A / H108N - Unauthenticated Credential Exposure

Linux Kernel - Local Privilege Escalation

MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution

Wing FTP Server 8.1.3 - Authenticated Remote Code Execution

CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)

strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow