Lucene search
K

160 matches found

NVD
NVD
added 6 days ago10 views

CVE-2026-14868

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS0.0005EPSS
Exploits0References1
NVD
NVD
added 6 days ago13 views

CVE-2026-14867

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS0.00092EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42032

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS5.9AI score0.0005EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-14868

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS5.9AI score0.0005EPSS
Exploits0References2
CVE
CVE
added 6 days ago15 views

CVE-2026-14868

The issue involves PcVue projects where the encryption protecting user account configurations in the built‑in user directory is too weak for prior versions (

8.4CVSS5.9AI score0.0005EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-14867 Insecure password storage in User directory

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS0.00092EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42031

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-14867

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References2
CVE
CVE
added 6 days ago14 views

CVE-2026-14867

PcVue projects store credentials for built-in users insecurely in the User directory, affecting all versions before 17.0.0. A local attacker could retrieve these credentials, impacting confidentiality. Active Directory accounts are not affected. The provided documents do not include explicit reme...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56173

Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description Credentials for built-in users are stored insecurely within the User directory of projects. This allows a local attacker to retrieve these credentials. Active Directory accounts are not affected by th...

6.8CVSS6.1AI score0.00092EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56174

Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description The encryption algorithm used to protect the configuration of user accounts within the built-in user directory of projects is insufficient. This weakness allows a local attacker to modify the existing...

8.4CVSS6.1AI score0.0005EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.7 views

CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

4.3CVSS5.9AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.8 views

CVE-2026-1695

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user...

6.1CVSS5.9AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.10 views

CVE-2026-1697

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...

6.5CVSS5.9AI score0.00117EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.4 views

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials ROPC flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user...

7.5CVSS6AI score0.00314EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.6 views

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

6.1CVSS6AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.9 views

CVE-2026-1692

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a...

6.1CVSS6AI score0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 9:30 a.m.9 views

EUVD-2026-8836

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a...

5.3CVSS5.5AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/26 9:30 a.m.8 views

EUVD-2026-8838

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

2.3CVSS5.3AI score0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/26 9:30 a.m.8 views

EUVD-2026-8837

The OAuth grant type Resource Owner Password Credentials ROPC flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user...

5.3CVSS5.5AI score0.00314EPSS
Exploits0References2
Rows per page
Query Builder