218 matches found
CVE-2026-12620
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...
CVE-2026-12620
The CVE affects GridTime 3000 GNSS Time Server versions 1.0r0.03 through 1.1r0.0, where an access token is leaked in the URL parameters of certain endpoints. The issue is documented by NVD/CVE entries for CVE-2026-12620, with an attack surface described as NETWORK, requiring HIGH privileges and A...
EUVD-2026-38041
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...
CVE-2026-12621
GridTime 3000 GNSS Time Server Password Reset form is vulnerable to XSS due to improper neutralization of input during web page generation. Affected from 1.0r0.03 up to, but not including, 1.2r0.0. Base CVSS v4 score is 5.3 (Medium). No exploitation details are provided in the documents; no remed...
CVE-2026-12622 Open Redirect Vulnerability in Password Reset Submission in GridTime™ 3000 GNSS Time Server
The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...
CVE-2026-12622
The GridTime 3000 GNSS Time Server presents an open redirect vulnerability in its password change form submission affecting versions 1.0r0.03 through 1.1r0.0. The issue is described as an open redirect in the password change flow; no further exploitation details, impact scope, or remediation are ...
EUVD-2026-38039
The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...
CVE-2026-12619
The CVE-2026-12619 entry concerns Microchip GridTime 3000 GNSS Time Server, where an improper neutralization during web page generation enables Cross-Site Scripting (XSS). A CSRF-to-XSS chain affects GridTime 3000 versions 1.0r0.03–1.1r0.0. Exploit maturity is listed as ATTACKED, indicating in-th...
CVE-2026-12619 GridTime™ 3000 GNSS Time Server CSRF to XSS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...
EndRun Technologies Sonoma Cross-site Scripting (CVE-2025-60961)
Cross Site Scripting XSS vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. This plugin only works with Tenable.ot. Please visit...
EndRun Technologies Sonoma OS Command Injection (CVE-2025-60959)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
EndRun Technologies Sonoma Cross-site Scripting (CVE-2025-60958)
Cross Site Scripting XSS vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
EndRun Technologies Sonoma Cross-site Scripting (CVE-2025-60967)
Cross Site Scripting XSS vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
EndRun Technologies Sonoma OS Command Injection (CVE-2025-60964)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts. This plugin...
EndRun Technologies Sonoma Path Traversal (CVE-2025-60969)
Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEV...
EndRun Technologies Sonoma Cross-Site Request Forgery (CVE-2025-60956)
Cross Site Request Forgery CSRF vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information. This plugin only works with...
EndRun Technologies Sonoma OS Command Injection (CVE-2025-60962)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. This plugin only works with Tenable.ot. Please visit...
EndRun Technologies Sonoma OS Command Injection (CVE-2025-60965)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts. This plugin...
EndRun Technologies Sonoma OS Command Injection (CVE-2025-60960)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information. This plugin only works with Tenable.ot. Please...
CVE-2025-34308
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...