CVE-2026-25550

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

CVE-2026-25551

The CVE-2026-25551 entry concerns Seagull Software BarTender 2021 R1 through 12.0.1, which contains an insecure deserialization vulnerability. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe and is configured with BinaryServerFormatt...

EUVD-2026-34304

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

CVE-2026-0611

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

CVE-2026-0611 Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

CVE-2026-0611 Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

PT-2026-45794

Name of the Vulnerable Software and Affected Versions Spacelabs Healthcare Sentinel versions 10.5.x and higher Spacelabs Healthcare Sentinel versions prior to 11.6.0 Description An unauthenticated remote code execution issue exists via a deprecated .NET Remoting HTTP channel exposed on port 8989...

DotNetRemotingExploitPy

No d...

CVE-2026-23751

CVE-2026-23751 affects Kofax Capture (now Tungsten Capture) 6.0.0.0. It exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service, accessible without authentication. An unauthenticated attacker can use .NET Remoting object unmarshalling to instantiate a remote Sy...

PT-2026-34668

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 other versions may be affected exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An...

Kofax Capture 访问控制错误漏洞

Kofax Capture is an application developed by the Kofax company in the United States. It offers advanced pre-built intelligent document processing capabilities. Version Kofax Capture 6.0.0.0 contains a security vulnerability related to access control. This vulnerability stems from the exposure of ...

CVE-2026-26222

Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...

CVE-2026-26222 DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE

Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...

PT-2026-21780

Name of the Vulnerable Software and Affected Versions Altec DocLink version 4.0.336.0 Description The software has insecure .NET Remoting endpoints exposed over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and...

CVE-2026-21665

The Print Service component of Fiserv Originate Loans Peripherals formerly Velocity Services in unsupported version 2021.2.4 build 4.7.3155.0011 uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network ...

CVE-2026-21665

The CVE concerns the Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in the unsupported 2021.2.4 release (build 4.7.3155.0011). It uses deprecated .NET Remoting TCP channels that enable unsafe deserialization of untrusted data. When exposed to an untrust...

CVE-2026-26221

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe. An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 e.g., TimerServiceAPI.rem and...

CVE-2026-26333

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

CVE-2026-26221 Hyland OnBase Timer Service Unauthenticated .NET Remoting RCE

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe. An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 e.g., TimerServiceAPI.rem and...

PT-2026-8030

Name of the Vulnerable Software and Affected Versions Calero VeraSMART versions prior to 2022 R1 Description An unauthenticated .NET Remoting HTTP service is exposed on TCP port 8001 in affected versions. The service publishes default ObjectURIs, including EndeavorServer.rem and...