3 matches found
EUVD-2026-33262
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...
CVE-2026-10056
CVE-2026-10056 – Nx Witness VMS : A CORS misconfiguration in the REST API (pre-6.1.2) running in Standard security mode on Linux/Windows allows an unauthenticated attacker to exfiltrate a user session token and perform Administrator Account Takeover via a malicious cross-origin page. The High sec...
PT-2026-44762
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...