CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

CVE-2026-3893

The CVE-2026-3893 affects the Carlson VASCO-B GNSS Receiver. The connected PT-Security entry indicates attackers can exploit the absence of authentication to gain unauthenticated remote access, escalate privileges, and move laterally within manufacturing networks, enabling modification of configu...

CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

EUVD-2026-26081

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

Carlson VASCO-B GNSS Receiver 访问控制错误漏洞

The Carlson VASCO-B GNSS Receiver is a high-precision satellite positioning receiving device developed by the American company Carlson. The Carlson VASCO-B GNSS Receiver has a access control vulnerability, which stems from the lack of an authentication mechanism. This vulnerability may allow...

Carlson Software VASCO-B GNSS Receiver

RISK EVALUATION Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

dev.carlsontool.com Cross Site Scripting vulnerability OBB-3960010

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

carlsonbuildingmaterials.com Improper Access Control vulnerability OBB-2572073

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

NSA Watchdog Will Review Tucker Carlson Spy Claims

The National Security Agency’s Inspector General Robert Storch has announced a review of whether the agency illegally conducted cyber-espionage and collected the electronic communications of Fox News opinion-show host Tucker Carlson, who has accused the NSA of trying to capture embarrassing...

update.carlsonsw.com XSS vulnerability

Vulnerable URL: http://update.carlsonsw.com/serialupgradelookup.php?prodname=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 15:50 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

multimedia macro allows execution of arbitrary scripts

The multimedia macro in confluence embeds a swf without the 'allowScriptAccess' attribute set to 'none'. This allows the embedded user submitted swf to execute arbitrary javascript on the page, constituting an XSS vulnerability. The multimedia tag is bundled in with the base product and not an...