|
4211
|
9.3 |
CRITICAL
Network
|
-
|
-
|
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att…
|
CWE-656
Reliance on Security Through Obscurity
|
CVE-2026-42363
|
2026-04-27 09:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4212
|
7.5 |
HIGH
Network
|
libexpat_project
|
libexpat
|
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
|
CWE-331
Insufficient Entropy
|
CVE-2026-41080
|
2026-04-27 07:17 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4213
|
7.1 |
HIGH
Network
|
elog_project
|
elog
|
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attac…
|
CWE-862
Missing Authorization
|
CVE-2025-64348
|
2026-04-27 04:26 |
2025-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4214
|
7.1 |
HIGH
Network
|
elog_project
|
elog
|
ELOG permite a un usuario autenticado modificar o sobrescribir el archivo de configuración, resultando en denegación de servicio. Si la función de ejecución está específicamente habilitada con el ind…
|
CWE-862
Missing Authorization
|
CVE-2025-64348
|
2026-04-27 04:26 |
2025-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4215
|
9.8 |
CRITICAL
Network
|
newforma
|
project_center
|
Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AU…
|
CWE-306
CWE-502
Missing Authentication for Critical Function
Deserialization of Untrusted Data
|
CVE-2025-35051
|
2026-04-27 04:04 |
2025-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4216
|
- |
|
-
|
-
|
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not p…
|
CWE-1393
Use of Default Password
|
CVE-2025-26793
|
2026-04-27 03:56 |
2025-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4217
|
- |
|
-
|
-
|
El panel de configuración de la interfaz gráfica de usuario web de Hirsch (anteriormente Identiv y Viscount) Enterphone MESH hasta 2024 se entrega con credenciales predeterminadas (nombre de usuario …
|
CWE-1393
Use of Default Password
|
CVE-2025-26793
|
2026-04-27 03:56 |
2025-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4218
|
- |
|
-
|
-
|
Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2025-1790
|
2026-04-27 03:49 |
2026-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4219
|
- |
|
-
|
-
|
Escalada de privilegios local en el plugin Genetec Sipelia. Un usuario de Windows autenticado con bajos privilegios podría explotar esta vulnerabilidad para obtener privilegios elevados en el sistema…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2025-1790
|
2026-04-27 03:49 |
2026-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4220
|
7.8 |
HIGH
Local
|
genetec
|
genetec_update_service
|
Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
|
CWE-276
Incorrect Default Permissions
|
CVE-2025-1789
|
2026-04-27 03:49 |
2026-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
