PT-2026-1677
Name of the Vulnerable Software and Affected Versions: FaceSentry Access Control System version 6.4.8. Description: The FaceSentry Access Control System stores passwords in cleartext within the device’s SQLite database. This allows attackers to access unencrypted credentials directly from the...
PT-2026-1676
Name of the Vulnerable Software and Affected Versions: FaceSentry Access Control System version 6.4.8. Description: The FaceSentry Access Control System is susceptible to a cleartext transmission issue. This allows remote attackers to intercept authentication credentials through man-in-the-middle...
CVE-2019-25241
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...
CVE-2019-25241 FaceSentry Access Control System 6.4.8 Remote SSH Root Access
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...
CVE-2018-25128 SOCA Access Control System 180612 SQL Injection and Authentication Bypass
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by...
iWT FaceSentry Access Control System security vulnerability
The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from an authenticated remote command injection in the pingTest.php and...
SOCA Access Control System security vulnerability
SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from a lack of request validation and could lead to cross-site request forgery attacks...
iWT FaceSentry Access Control System security vulnerability
The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from susceptibility to cross-site request forgery attacks and could lead to the...
PT-2025-53348
Name of the Vulnerable Software and Affected Versions: SOCA Access Control System version 180612. Description: The SOCA Access Control System is susceptible to a cross-site request forgery condition. This allows attackers to execute administrative actions without sufficient verification of requests...
CVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...
CVE-2025-68165
CVE-2025-68165 is reported for JetBrains TeamCity: reflected XSS on the VCS Root setup in versions prior to 2025.11.0. The connected Nessus entry confirms the vulnerability exists in TeamCity
Mitsubishi Electric GT Designer3
RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to obtain plaintext credentials from the project file for GT Designer3, which could result in illegally operating GOT2000 and GOT1000 series devices. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive...
JetBrains TeamCity cross-site scripting vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A cross-site scripting vulnerability exists in JetBrai...
CVE-2025-43875
creationtimestamp | type | source
---|---|---
2025-12-11 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-01
2025-12-24 17:07:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3maqqscw3jm2c...
CVE-2025-40807
creationtimestamp | type | source
---|---|---
2025-12-11 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-09...
CVE-2025-66586
creationtimestamp | type | source
---|---|---
2025-12-11 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03
2025-12-17 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-1134/
2025-12-17 05:00:00+00:00 | seen | ...
Johnson Controls iSTAR
RISK EVALUATION: Successful exploitation of these vulnerabilities could result in unauthorized access to the device. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
CVE-2021-47706 COMMAX Biometric Access Control System Authentication Bypass
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass...
CVE-2025-40940
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...
R.V.R. Elettronica TLK302T security vulnerability
The R.V.R. Elettronica TLK302T is a telemetry control system from R.V.R. Elettronica, Italy. A security vulnerability exists in the R.V.R. Elettronica TLK302T that originates from the presence of stored cross-site scripting in the web management interface...