16 matches found
CVE-2025-49153
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code...
CVE-2025-49151
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens JWT to bypass authentication...
CVE-2025-49151
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens JWT to bypass authentication...
CVE-2025-49153 Path Traversal in MICROSENS NMP Web+
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code...
CVE-2025-49153 Path Traversal in MICROSENS NMP Web+
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code...
CVE-2025-49153
CVE-2025-49153 is a path-traversal flaw in MICROSENS NMP Web+ that allows an unauthenticated attacker to overwrite files and execute arbitrary code. Several sources (NVD/NVD-like, CVE lists, and CISA ICS advisory ICSA-25-175-07) describe the issue as unauthenticated and capable of arbitrary code ...
CVE-2025-49152
CVE-2025-49152 affects MICROSENS NMP Web+ where issued JWTs do not expire, enabling potential unauthenticated access. Connected documents confirm that tokens can be forged or used to bypass authentication, potentially allowing file overwrites or arbitrary code execution in affected products. Affe...
CVE-2025-49152 Insufficient Session Expiration in MICROSENS NMP Web+
The affected products contain JSON Web Tokens JWT that do not expire, which could allow an attacker to gain access to the system...
CVE-2025-49152 Insufficient Session Expiration in MICROSENS NMP Web+
The affected products contain JSON Web Tokens JWT that do not expire, which could allow an attacker to gain access to the system...
CVE-2025-49151 Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens JWT to bypass authentication...
CVE-2025-49151 Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens JWT to bypass authentication...
CVE-2025-49151
CVE-2025-49151 affects MICROSENS NMP Web+; an unauthenticated attacker could forge JSON Web Tokens (JWT) to bypass authentication. PT-2025-26855 specifies affected versions: MICROSENS NMP Web+ prior to 3.3.0, with a fix in 3.3.0. The risk is described as enabling unauthorized access and potential...
PT-2025-26855 · Microsens · Microsens Nmp Web+
Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ versions prior to 3.3.0 Description: The issue allows an unauthenticated attacker to generate forged JSON Web Tokens JWT to bypass authentication. This could potentially lead to full system control. Organizations worldwide...
PT-2025-26856 · Microsens · Microsens Nmp Web+
Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ affected versions not specified Description: The issue concerns JSON Web Tokens JWT that do not expire in MICROSENS NMP Web+, potentially allowing an attacker to gain access to the system. Recommendations: At the moment,...
PT-2025-26857 · Microsens · Microsens Nmp Web+
Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ affected versions not specified Description: The issue could allow an unauthenticated attacker to overwrite files and execute arbitrary code. Recommendations: At the moment, there is no information about a newer version tha...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems ICS advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-175-01 Kaleris Navis N4 Terminal Operating System ICSA-25-175-02 Delta Electronics...