397 matches found
CVE-2026-25193
Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...
CVE-2026-25193
Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...
PT-2026-43004
Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...
Gallagher Command Centre Service 安全漏洞
Gallagher Command Center Service is a security management platform service component of Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre Service that stems from the insertion of sensitive information into log files, which could lead to the disclosure of service...
CVE-2026-1913
The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's loginlink shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...
CVE-2026-1913
The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's loginlink shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...
CVE-2026-1913
The Gallagher Website Design plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability via the login_link shortcode, present in all versions up to and including 2.6.4. The issue stems from insufficient input sanitization and output escaping on the 'prefix' attribute, a...
CVE-2026-1913
The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's loginlink shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...
CVE-2026-1913 Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute
The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's loginlink shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...
CVE-2026-1913 Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute
The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's loginlink shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...
WordPress plugin Gallagher Website Design 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-20757
Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...
CVE-2026-20801
Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...
CVE-2026-20757
Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...
CVE-2026-20801
Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...
EUVD-2026-9276
Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...
CVE-2026-20801
Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...
CVE-2026-20801
Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...
CVE-2026-20801
Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...
CVE-2026-20801
CVE-2026-20801 describes a cleartext transmission flaw (CWE-319) in a component used by Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations. Unprivileged users on the local network could view live video streams due to this issue. Affected are Gallagher NxWitness VMS integration versions...