Filter and search through 197,494 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2025-59142 | Impact: On 8 September 2025, the npm publishing account for `color-string` was taken over after a phishing attack. Version `2.1.1` was published, f... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59141 | Impact: On 8 September 2025, the npm publishing account for `simple-swizzle` was taken over after a phishing attack. Version `0.2.3` was published,... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59140 | Impact: On 8 September 2025, the npm publishing account for `backslash` was taken over after a phishing attack. Version `0.2.1` was published, func... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59109 | The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UA... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59108 | By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version, changing the password was not enforced. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59107 | Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59105 | With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encry... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59104 | With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59103 | The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware rev... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59102 | The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains th... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59101 | Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59100 | The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59099 | The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59098 | The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TC... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59097 | The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59096 | The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locati... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59095 | The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59094 | A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this applica... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59093 | Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static ra... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59092 | An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interpr... | 0.0 | 0 | Neutral | No | No |