75 matches found
EUVD-2026-29831
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...
EUVD-2026-29829
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...
EUVD-2026-29828
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-33570
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...
CVE-2026-35555
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...
CVE-2026-26289
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
EUVD-2026-29830
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
CVE-2026-35504
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-26289
CVE-2026-26289 affects PowerSYSTEM Center: the REST API endpoint used for device account export has incorrect authorization, permitting an authenticated user with limited permissions to access data normally restricted to administrators. The issue exposes sensitive information and is backed by hig...
CVE-2026-33570
The CVE affects the PowerSYSTEM Center REST API endpoint for devices. A low-privilege authenticated user can access information normally restricted by operational permissions, exposing confidential data (high impact on confidentiality per ICSCERT CVSS 3.1/4.0 metrics). Root cause described as ins...
CVE-2026-33570 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...
CVE-2026-33570
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...
CVE-2026-33570 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...
CVE-2026-35555
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...
CVE-2026-35555 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...
CVE-2026-35555
CVE-2026-35555 affects Subnet Solutions PowerSYSTEM Center: the device project groups feature permits an authenticated user with limited permissions to perform an unauthorized deletion of project groups. The description identifies an authorization issue in the project groups workflow without deta...
CVE-2026-35504 Subnet Solutions PowerSYSTEM Center CRLF injection
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
CVE-2026-35504
CVE-2026-35504 affects PowerSYSTEM Center's email notification service, with a CRLF injection vulnerability when using SMTPS. The available data provides CVSS 4.0/3.1 base metrics (MEDIUM) and does not specify affected versions, root cause details, exploitation status, or remediation. The descrip...