32 matches found
EUVD-2026-29828
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-35555
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...
CVE-2026-33570
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...
CVE-2026-26289
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-33570
The CVE affects the PowerSYSTEM Center REST API endpoint for devices. A low-privilege authenticated user can access information normally restricted by operational permissions, exposing confidential data (high impact on confidentiality per ICSCERT CVSS 3.1/4.0 metrics). Root cause described as ins...
CVE-2026-33570 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...
CVE-2026-35504
CVE-2026-35504 affects PowerSYSTEM Center's email notification service, with a CRLF injection vulnerability when using SMTPS. The available data provides CVSS 4.0/3.1 base metrics (MEDIUM) and does not specify affected versions, root cause details, exploitation status, or remediation. The descrip...
PT-2026-40431
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
PT-2026-40441
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...
EUVD-2025-10827
Malicious code in bioql PyPI...
CVE-2023-6631
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges...
CVE-2025-31354
Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters...
CVE-2025-31935
Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition...
CVE-2025-31354
Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters...
CVE-2025-31935
CVE-2025-31935 concerns Subnet Solutions PowerSYSTEM Center. The issue is described as a mishandling of exceptional conditions: crafted data passed to the API can trigger an exception, resulting in a denial-of-service condition. CVSS metrics indicate a Local attack vector with Low attack complexi...
CVE-2025-31935 Subnet Solutions PowerSYSTEM Center Deserialization of Untrusted Data
Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition...
CVE-2025-31935 Subnet Solutions PowerSYSTEM Center Deserialization of Untrusted Data
Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition...
CVE-2025-31354
CVE-2025-31354 affects Subnet Solutions PowerSYSTEM Center’s SMTPS notification service. Importing an EC certificate with crafted F2m parameters can trigger excessive CPU consumption while evaluating curve parameters, constituting a denial-of-service condition. The available documents do not spec...
CVE-2025-31354 Subnet Solutions PowerSYSTEM Center Out-of-Bounds Read
Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters...