CVE-2026-25551

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

CVE-2026-25550 Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

CVE-2026-25550 Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

PT-2026-46297

Name of the Vulnerable Software and Affected Versions BarTender 2010 BarTender 2016 versions prior to R10 BarTender 2019 versions prior to R11 Description An unauthenticated remote code execution issue exists in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The...

CVE-2026-39906

CVE-2026-39906 affects Unisys WebPerfect Image Suite v3.0.3960.22810 and v3.0.3960.22604. The root cause is exposure of a deprecated .NET Remoting TCP channel, enabling remote unauthenticated attackers to leak NTLMv2 machine-account hashes by passing a Windows UNC path as a target file argument v...

CVE-2026-21665

The Print Service component of Fiserv Originate Loans Peripherals formerly Velocity Services in unsupported version 2021.2.4 build 4.7.3155.0011 uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network ...

PT-2026-21572

Name of the Vulnerable Software and Affected Versions Fiserv Originate Loans Peripherals version 2021.2.4 build 4.7.3155.0011 Description The Print Service component of Fiserv Originate Loans Peripherals utilizes deprecated .NET Remoting TCP channels that permit unsafe deserialization of untruste...

CVE-2026-26333

The CVE describes an unauthenticated .NET Remoting HTTP service on TCP port 8001 in VeraSMART versions prior to 2022 R1. It exposes default ObjectURIs (e.g., EndeavorServer.rem, RemoteFileReceiver.rem) and allows SOAP/binary formatters with TypeFilterLevel set to Full. An unauthenticated attacker...

CVE-2026-26221 Hyland OnBase Timer Service Unauthenticated .NET Remoting RCE

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe. An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 e.g., TimerServiceAPI.rem and...

CVE-2026-26221

Hyland OnBase exposes an unauthenticated .NET Remoting endpoint in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe) and reportedly affects the Workview Timer Service. An attacker who can reach TCP/8900 endpoints (e.g., TimerServiceAPI.rem, TimerServiceEvents.rem) via default...

CVE-2026-23746

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service DCG.SmartCardControllerService.exe. The service registers a TCP remoting...

CVE-2025-34394 Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution...

CVE-2025-34414

Entrust Instant Financial Issuance (IFI) On Premise (CardWizard) versions 5.x, before 6.10.5 and before 6.11.1, contain an insecure .NET Remoting exposure in the Legacy Remoting Service enabled by default. The Legacy Remoting Service registers a TCP remoting channel with SOAP and binary formatter...

CVE-2024-53915

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...

Veritas Enterprise Vault 安全漏洞

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communication platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.2 that originates from untrusted data received on the .NET Remoting TCP port th...

PT-2024-10286 · Veritas · Veritas Enterprise Vault

Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.2 Description: The issue allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This is due to insufficient deserializatio...

Veritas Enterprise Vault 代码问题漏洞

Veritas Enterprise Vault is an enterprise-class file protection, archive automation software from Veritas, Inc. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and prior versions, where Enterprise Vault applications start multiple services that listen on NET Remoting TCP port t...

Veritas Enterprise Vault 代码问题漏洞

Veritas Enterprise Vault is an enterprise-grade file protection, archiving automation software from Veritas, USA. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and prior versions where the Enterprise Vault application starts multiple services that listen for commands from the...

PT-2025-50337

Name of the Vulnerable Software and Affected Versions Barracuda Service Center versions prior to 2025.1.1 Description Barracuda Service Center, part of the RMM solution, has a .NET Remoting service that does not adequately protect against the deserialization of arbitrary types. This can allow for...