Filter and search through 197,498 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2025-59155 | ### Impact A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could expl... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2025-59145 | ### Impact On 8 September 2025, an npm publishing account for `color-name` was taken over after a phishing attack. Version `2.0.1` was published, func... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59144 | ### Impact On 8 September 2025, the npm publishing account for `debug` was taken over after a phishing attack. Version `4.4.2` was published, function... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59143 | ### Impact On 8 September 2025, the npm publishing account for `color` was taken over after a phishing attack. Version `5.0.1` was published, function... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59142 | ### Impact On 8 September 2025, the npm publishing account for `color-string` was taken over after a phishing attack. Version `2.1.1` was published, f... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59141 | ### Impact On 8 September 2025, the npm publishing account for `simple-swizzle` was taken over after a phishing attack. Version `0.2.3` was published,... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59140 | ### Impact On 8 September 2025, the npm publishing account for `backslash` was taken over after a phishing attack. Version `0.2.1` was published, func... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59109 | The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UA... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59108 | By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59107 | Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59105 | With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encry... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59104 | With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59103 | The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware rev... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59102 | The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains th... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59101 | Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59100 | The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59099 | The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59098 | The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TC... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59097 | The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59096 | The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locati... | 0.0 | 0 | Neutral | No | No |