CVE-2026-12620

The CVE affects GridTime 3000 GNSS Time Server versions 1.0r0.03 through 1.1r0.0, where an access token is leaked in the URL parameters of certain endpoints. The issue is documented by NVD/CVE entries for CVE-2026-12620, with an attack surface described as NETWORK, requiring HIGH privileges and A...

CVE-2026-12619

The CVE-2026-12619 entry concerns Microchip GridTime 3000 GNSS Time Server, where an improper neutralization during web page generation enables Cross-Site Scripting (XSS). A CSRF-to-XSS chain affects GridTime 3000 versions 1.0r0.03–1.1r0.0. Exploit maturity is listed as ATTACKED, indicating in-th...

CVE-2026-12619 GridTime™ 3000 GNSS Time Server CSRF to XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

Astra Linux – Vulnerability in gpsd

In gpsd, before committing dc966aa, there is a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the...

CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

Debian dla-4441 : gpsd - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4441 advisory. [email protected] Subject: SECURITY DLA 4441-1 gpsd security update - ------------------------------------------------------------------------- Debia...

CVE-2019-11326

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same...

CVE-2019-11327

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system...

CVE-2019-25259 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that...

CVE-2019-25259

CVE-2019-25259 affects Leica Geosystems GR10/GR25/GR30/GR50 GNSS software (version 4.30.063). The vulnerability is a cross-site request forgery that allows attackers to trigger administrative actions without proper request validation by tricking authenticated users into submitting malicious reque...

PT-2026-1672

Name of the Vulnerable Software and Affected Versions Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 Description The software contains a cross-site request forgery issue that could allow attackers to perform administrative actions without proper validation of requests. Attackers can...

SUSE CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

CVE-2025-67268

A flaw was found in gpsd. The hnd129540 function, responsible for handling NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to properly validate the user-supplied satellite count. A remote attacker can exploit this by sending a specially crafted packet with an excessive satellite count,...

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

UBUNTU-CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

CVE-2025-67268

gpsd contains a heap-based out-of-bounds write in drivers/driver_nmea2000.c (PGN 129540 handling). The hnd_129540 function validates the satellite count against a 184-element skyview array, but an input satellite count up to 255 can overflow the array, causing memory corruption, DoS, and potentia...

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

PT-2025-53352

Name of the Vulnerable Software and Affected Versions Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 Description The software contains a stored cross-site scripting issue in the configuration file upload functionality. An attacker can upload a malicious HTML file that will execute...

CVE-2025-20746

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967...