Lucene search
K

390 matches found

Vulnrichment
Vulnrichment
added 2026/03/03 2:40 a.m.4 views

CVE-2026-20757

Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...

2.5CVSS5.9AI score0.00069EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 2:40 a.m.6 views

EUVD-2026-9275

Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...

2.5CVSS5.9AI score0.00069EPSS
Exploits0References1
CVE
CVE
added 2026/03/03 2:40 a.m.12 views

CVE-2026-20757

CVE-2026-20757 is an Improper Locking (CWE-667) vulnerability in the Gallagher Morpho integration affecting the Command Centre Server. Affected versions include 9.40 before vEL9.40.1976(MR1), 9.30 before vEL9.30.3382(MR4), 9.20 before vEL9.20.3783(MR6), 9.10 before vEL9.10.4647(MR9), and all 9.00...

2.5CVSS5.9AI score0.00069EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/03 2:39 a.m.3 views

CVE-2025-47147

Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...

5.7CVSS6AI score0.00071EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 2:39 a.m.3 views

CVE-2025-47147

Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...

5.7CVSS6AI score0.00071EPSS
Exploits0References1
CVE
CVE
added 2026/03/03 2:39 a.m.12 views

CVE-2025-47147

CVE-2025-47147 describes Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client for Android and iOS. The issue could allow an attacker with access to a logged-in operator’s mobile device to extract the session token and gain access for a limited duration. Affecte...

5.7CVSS6AI score0.00071EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 2:39 a.m.8 views

EUVD-2025-208224

Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...

5.7CVSS6AI score0.00071EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.7 views

Gallagher Command Centre Server 安全漏洞

The Gallagher Command Centre Server is a management system developed by the New Zealand-based Gallagher company, used for monitoring and managing infrastructure within buildings. There is a security vulnerability in the Gallagher Command Centre Server, caused by improper locking mechanisms, which...

2.5CVSS5.8AI score0.00069EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22716

Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...

2.5CVSS5.9AI score0.00069EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

Gallagher Command Centre Mobile Client 安全漏洞

Gallagher Command Centre Mobile Client is a mobile application developed by the New Zealand-based company Gallagher. Versions of Gallagher Command Centre Mobile Client prior to version 9.40.123 contained security vulnerabilities. These vulnerabilities stemmed from the storage of sensitive...

5.7CVSS5.8AI score0.00071EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22715

Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...

5.7CVSS6AI score0.00071EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.16 views

CVE-2020-7215

An issue was discovered in Gallagher Command Centre 7.x before 7.90.991MR5, 8.00 before 8.00.1161MR5, and 8.10 before 8.10.1134MR4. External system configuration data used for third party integrations such as DVR systems were logged in the Command Centre event trail. Any authenticated operator wi...

5.5CVSS7AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:2 a.m.13 views

CVE-2023-25074

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

7.1CVSS6.8AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.12 views

CVE-2022-26348

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded in...

8.2CVSS7.9AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.8 views

CVE-2024-41724

Improper Certificate Validation CWE-295 in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043...

8.7CVSS6.7AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 4:16 a.m.3 views

CVE-2025-52457

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

5.7CVSS6.6AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 4:16 a.m.4 views

CVE-2025-52578

Incorrect Usage of Seeds in Pseudo-Random Number Generator CWE- 335 vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...

5.7CVSS6.6AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 4:16 a.m.3 views

CVE-2025-64734

Missing Release of Resource after Effective Lifetime CWE-772 in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command Centre Server: 9.30...

2.4CVSS6.5AI score0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 6:30 a.m.6 views

EUVD-2025-197914

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

5.7CVSS6.1AI score0.0013EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/18 6:30 a.m.4 views

EUVD-2025-197912

Missing Release of Resource after Effective Lifetime CWE-772 in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command Centre Server: 9.30...

2.4CVSS6.1AI score0.00144EPSS
Exploits0References2
Rows per page
Query Builder