CVE-2026-23751

CVE-2026-23751 affects Kofax Capture (now Tungsten Capture) 6.0.0.0. It exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service, accessible without authentication. An unauthenticated attacker can use .NET Remoting object unmarshalling to instantiate a remote Sy...

CVE-2025-59709

An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...

CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

CVE-2025-59709

An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...

PT-2026-30045

An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...

CVE-2025-59711

CVE-2025-59711 affects BizTalk360 prior to 11.5. The issue arises from mishandling of user-provided input in an upload mechanism, enabling an authenticated attacker to write files outside the destination directory and/or coerce authentication (Directory Traversal). The connected sources confirm t...

CVE-2026-26221

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe and is also reported by the vendor to impact the Workview Timer Service an impacted version range is undefined. An attacker who can reach the service can send...

CVE-2026-26221

Hyland OnBase exposes an unauthenticated .NET Remoting endpoint in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe) and reportedly affects the Workview Timer Service. An attacker who can reach TCP/8900 endpoints (e.g., TimerServiceAPI.rem, TimerServiceEvents.rem) via default...

CVE-2026-23746

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service DCG.SmartCardControllerService.exe. The service registers a TCP remoting...

CVE-2025-34350

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

CVE-2022-30216 - Authentication coercion of the Windows ?Server? service

In this blog, see how an off-by-one error could lead to domain controller access in Microsoft Server Service...

PT-2022-3863 · Microsoft · Windows Server +1

Name of the Vulnerable Software and Affected Versions: Windows Server versions prior to the fixed version Description: The issue is related to a tampering vulnerability in the Windows Server service, allowing attackers to affect the system. This vulnerability can lead to authentication coercion,...