iWT FaceSentry Access Control System 安全漏洞

iWT FaceSentry Access Control System is a face recognition access control system from China's iWT Corporation. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which originates from the transmission of authentication credentials in clear text and could lead t...

iWT FaceSentry Access Control System 安全漏洞

iWT FaceSentry Access Control System is a face recognition access control system from the Chinese company iWT. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which originates from storing passwords in clear text and could lead to credential disclosure...

CVE-2019-25279

The CVE-2019-25279 entry applies to the FaceSentry Access Control System version 6.4.8. The vulnerability stems from cleartext password storage inside the device’s SQLite database, allowing an attacker to read credentials directly from /faceGuard/database/FaceSentryWeb.sqlite without authenticati...

CVE-2024-2422

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...

PT-2026-1677

Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System stores passwords in cleartext within the device’s SQLite database. This allows attackers to access unencrypted credentials directly from the...

PT-2026-1676

Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System is susceptible to a cleartext transmission issue. This allows remote attackers to intercept authentication credentials through man-in-the-middle...

CVE-2019-25241

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVE-2019-25241 FaceSentry Access Control System 6.4.8 Remote SSH Root Access

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVE-2018-25128 SOCA Access Control System 180612 SQL Injection and Authentication Bypass

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by...

PT-2025-53348

Name of the Vulnerable Software and Affected Versions SOCA Access Control System version 180612 Description The SOCA Access Control System is susceptible to a cross-site request forgery condition. This allows attackers to execute administrative actions without sufficient verification of requests...

iWT FaceSentry Access Control System 安全漏洞

The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from an authenticated remote command injection in the pingTest.php and...

SOCA Access Control System 安全漏洞

SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from a lack of request validation and could lead to cross-site request forgery attacks...

iWT FaceSentry Access Control System 安全漏洞

The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from susceptibility to cross-site request forgery attacks and could lead to the...

CVE-2025-68165

In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...

CVE-2025-68165

CVE-2025-68165 is reported for JetBrains TeamCity: reflected XSS on the VCS Root setup in versions prior to 2025.11.0. The connected Nessus entry confirms the vulnerability exists in TeamCity

Mitsubishi Electric GT Designer3

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker obtain plaintext credentials from the project file for GT Designer3, which could result in illegally operating GOT2000 and GOT1000 series devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

JetBrains TeamCity 跨站脚本漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A cross-site scripting vulnerability exists in JetBrai...

CVE-2025-43875

creationtimestamp| type| source ---|---|--- 2025-12-11 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-01 2025-12-24 17:07:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3maqqscw3jm2c...

CVE-2025-40807

creationtimestamp| type| source ---|---|--- 2025-12-11 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-09...

CVE-2025-66586

creationtimestamp| type| source ---|---|--- 2025-12-11 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03 2025-12-17 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-1134/ 2025-12-17 05:00:00+00:00| seen|...