Explore CVEs

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains th...

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As ...

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started...

The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, ...

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TC...

The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface...

The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locati...

The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt...

A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this applica...

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static ra...

An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interpr...

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. Thi...

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, netw...

dstack is a software development kit (SDK) to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions...

### Impact Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons,...

The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discov...

In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `I...

Stalwart is a mail and collaboration server. Starting in version 0.12.0 and prior to version 0.13.3, a memory exhaustion vulnerability exists in Stalw...

### Impact Due to a special entry being appended to `sys.path` during the bootstrap process of a PyInstaller-frozen application, and due to the boots...