Skip to main content

Okta

2 CVEs infrastructure

Monthly

CVE-2026-25193 HIGH PATCH This Week

Credential exposure in Gallagher Command Centre Service installers writes Service Account credentials into installer log files under %programdata%\Gallagher\Command Centre, allowing a local low-privileged user who can read those logs to recover the configured Service Account password. The flaw (CWE-532) affects a broad set of Gallagher Command Centre components including Command Centre Server, Active Directory Sync, Entra ID Sync, Elevator Service, Middleware Framework and others, but only when the operator deviated from the default Network Service account during install. There is no public exploit identified at time of analysis and EPSS is 0.01%, but a successful read yields high-impact credential compromise of a privileged service identity.

Information Disclosure Command Centre Server Active Directory Sync Cardholder Sync Utility Diagnostics Service +11
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-39604 MEDIUM This Month

MyBookTable Bookstore WordPress plugin versions 3.6.0 and earlier allow authenticated high-privilege users to inject malicious scripts that are stored and executed in the browsers of other users, enabling stored cross-site scripting (XSS) attacks. The vulnerability requires admin-level authentication and user interaction from victims to trigger, limiting real-world exploitation scope despite network accessibility. EPSS probability is exceptionally low at 0.03%, reflecting the authentication and interaction barriers.

XSS Mybooktable Bookstore Okta
NVD
CVSS 3.1
5.9
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Credential exposure in Gallagher Command Centre Service installers writes Service Account credentials into installer log files under %programdata%\Gallagher\Command Centre, allowing a local low-privileged user who can read those logs to recover the configured Service Account password. The flaw (CWE-532) affects a broad set of Gallagher Command Centre components including Command Centre Server, Active Directory Sync, Entra ID Sync, Elevator Service, Middleware Framework and others, but only when the operator deviated from the default Network Service account during install. There is no public exploit identified at time of analysis and EPSS is 0.01%, but a successful read yields high-impact credential compromise of a privileged service identity.

Information Disclosure Command Centre Server Active Directory Sync +13
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

MyBookTable Bookstore WordPress plugin versions 3.6.0 and earlier allow authenticated high-privilege users to inject malicious scripts that are stored and executed in the browsers of other users, enabling stored cross-site scripting (XSS) attacks. The vulnerability requires admin-level authentication and user interaction from victims to trigger, limiting real-world exploitation scope despite network accessibility. EPSS probability is exceptionally low at 0.03%, reflecting the authentication and interaction barriers.

XSS Mybooktable Bookstore Okta
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy