| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2026-2400 | 4.3 | medium |
CVE-2026-2400. CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause
application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request
payload.
|
| CVE-2026-2401 | 2.8 | low |
CVE-2026-2401. CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential
information to be exposed when a Web Admin user executes a malicious file provided by an attacker.
|
| CVE-2026-2405 | 4.3 | medium |
CVE-2026-2405. CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting
zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout
requests.
|
| CVE-2026-2402 | 5.3 | medium |
CVE-2026-2402. CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an
attacker to gain access to the user account by performing an arbitrary number of authentication attempts with
different credentials on a sequence of requests to multiple endpoints.
|
| CVE-2026-2403 | 4.3 | medium |
CVE-2026-2403. CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and
Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request
payload.
|
| CVE-2026-2399 | 6.1 | medium |
CVE-2026-2399. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that
could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep
request payload.
|
| CVE-2026-2404 | 5.3 | medium |
CVE-2026-2404. CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and
forged log when an attacker alters the POST /j_security check request payload.
|