VYPR

Capture

by Kofax

CVEs (2)

  • CVE-2026-23751CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint…

  • CVE-2023-5118MedJan 11, 2024
    risk 0.35cvss 5.4epss 0.00

    The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the…