|
1651
|
9.8 |
CRITICAL
Network
|
newforma
|
project_center
|
Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AU…
|
CWE-306
CWE-502
Missing Authentication for Critical Function
Deserialization of Untrusted Data
|
CVE-2025-35051
|
2026-04-27 04:04 |
2025-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1652
|
- |
|
-
|
-
|
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not p…
|
CWE-1393
Use of Default Password
|
CVE-2025-26793
|
2026-04-27 03:56 |
2025-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1653
|
- |
|
-
|
-
|
El panel de configuración de la interfaz gráfica de usuario web de Hirsch (anteriormente Identiv y Viscount) Enterphone MESH hasta 2024 se entrega con credenciales predeterminadas (nombre de usuario …
|
CWE-1393
Use of Default Password
|
CVE-2025-26793
|
2026-04-27 03:56 |
2025-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1654
|
- |
|
-
|
-
|
Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2025-1790
|
2026-04-27 03:49 |
2026-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1655
|
- |
|
-
|
-
|
Escalada de privilegios local en el plugin Genetec Sipelia. Un usuario de Windows autenticado con bajos privilegios podría explotar esta vulnerabilidad para obtener privilegios elevados en el sistema…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2025-1790
|
2026-04-27 03:49 |
2026-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1656
|
7.8 |
HIGH
Local
|
genetec
|
genetec_update_service
|
Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
|
CWE-276
Incorrect Default Permissions
|
CVE-2025-1789
|
2026-04-27 03:49 |
2026-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1657
|
7.8 |
HIGH
Local
|
genetec
|
genetec_update_service
|
Escalada de privilegios local en el Servicio de Actualización de Genetec. Un usuario de Windows autenticado y con pocos privilegios podría explotar esta vulnerabilidad para obtener privilegios elevad…
|
CWE-276
Incorrect Default Permissions
|
CVE-2025-1789
|
2026-04-27 03:49 |
2026-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1658
|
4.2 |
MEDIUM
Local
|
genetec
|
genetec_update_service
|
Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privil…
|
CWE-346
Origin Validation Error
|
CVE-2025-1787
|
2026-04-27 03:49 |
2026-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1659
|
4.2 |
MEDIUM
Local
|
genetec
|
genetec_update_service
|
El administrador local podría filtrar información de la página web de configuración del Servicio de Actualización de Genetec. Un usuario de Windows autenticado y con privilegios de administrador podr…
|
CWE-346
Origin Validation Error
|
CVE-2025-1787
|
2026-04-27 03:49 |
2026-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1660
|
8.8 |
HIGH
Network
|
mrsilaz
|
mfa_mail
|
The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4208
|
2026-04-26 03:43 |
2026-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
