CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

CVE-2026-3893

The CVE-2026-3893 affects the Carlson VASCO-B GNSS Receiver. The connected PT-Security entry indicates attackers can exploit the absence of authentication to gain unauthenticated remote access, escalate privileges, and move laterally within manufacturing networks, enabling modification of configu...

CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

EUVD-2026-26081

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

Carlson VASCO-B GNSS Receiver 访问控制错误漏洞

The Carlson VASCO-B GNSS Receiver is a high-precision satellite positioning receiving device developed by the American company Carlson. The Carlson VASCO-B GNSS Receiver has a access control vulnerability, which stems from the lack of an authentication mechanism. This vulnerability may allow...

Carlson Software VASCO-B GNSS Receiver

RISK EVALUATION Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

EUVD-2015-7273

Malware in sbrugna...

EUVD-2013-7069

Malware in sbrugna...

EUVD-2025-16041

Malicious code in bioql PyPI...

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu...

CVE-2013-7292

VASCO IDENTIKEY Authentication Server IAS 3.4.x allows remote authenticated users to bypass Active Directory AD authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password...

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu...

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu...

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu...

PT-2025-22402

Name of the Vulnerable Software and Affected Versions Vasco versions 3.14 and earlier Description The issue allows a remote attacker to obtain sensitive information via the help menu. This is due to a Local File Inclusion vulnerability. Recommendations For versions 3.14 and earlier, consider...

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu...

Vasco Self-Service Portal 安全漏洞

Vasco Self-Service Portal is a self-service portal from Vasco, Inc. A security vulnerability exists in Vasco Self-Service Portal v3.14 and earlier versions, which originates from a local file inclusion in the Help menu and could lead to the disclosure of sensitive information...

CVE-2025-25539

CVE-2025-25539 concerns Vasco Self-Service Portal (v3.14 and earlier). The vulnerability is a Local File Inclusion in the Help menu that could disclose sensitive information. Exploitation context: remote attacker may access via the Help menu; CVSS v3.1 base score 6.5 (MEDIUM) with network attack ...

blogs.diariovasco.com Cross Site Scripting vulnerability OBB-3850779

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

blogs.diariovasco.com Cross Site Scripting vulnerability OBB-3825652

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...