5.3
CVE-2026-1698 - HTTP Host header vulnerability in WebClient and WebScheduler web apps
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints /Authentication/Exteβ¦
5.3
CVE-2026-1697 - Use of unsecure cookies for GraphicalData web service and WebClient web app
The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.
2.3
CVE-2026-1696 - Missing security HTTP headers
Some HTTP security headers are not properly set by the web server when sending responses to the client application.
5.3
CVE-2026-1695 - XSS vulnerability upon unsuccessful authentication
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authenticβ¦
2.3
CVE-2026-1694 - Server configuration details in HTTP headers
HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information aβ¦
5.3
CVE-2026-1693 - Use of vulnerable Resource Owner Password Credentials flow
The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentiβ¦
5.3
CVE-2026-1692 - Missing origin validation in GraphicalData web service requests
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a maliciouβ¦
8.4
CVE-2026-25191 - FinalCode Client Installer DLL Search Path Manipulation Allows Arbitrary Code Execution
The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege.
8.5
CVE-2026-23703 - Incorrect Default Permissions in FinalCode Client Installer Enable SYSTEM Privilege Escalation
The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege.
8.8
CVE-2026-1311 - Worry Proof Backup <= 0.2.4 - Authenticated (Subscriber+) Path Traversal via Backup Upload
The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traverβ¦