10 matches found
📄 DeskTime Time Tracking App 1.3.671 Missing Certificate / Remote Code Execution
DeskTime Time Tracking App version 1.3.671 has an issue where due to missing TLS certificate validation, attackers, who can inject themselves into the network path between the client and the DeskTime update servers, can return a malicious executable in response to an update request and achieve...
CVE-2025-10539
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
CVE-2025-10539
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
CVE-2025-10539
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
CVE-2025-10539 Improper TLS Certificate Validation RCE via Malicious Update in DeskTime Time Tracking App
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
CVE-2025-10539
CVE-2025-10539 : DeskTime Time Tracking App contains improper TLS certificate validation before version 1.3.674. An attacker who can position themselves in the network path between the client and DeskTime update servers can respond to an update request with a malicious executable, resulting in us...
EUVD-2025-209580
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
CVE-2025-10539 Improper TLS Certificate Validation RCE via Malicious Update in DeskTime Time Tracking App
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
DeskTime Time Tracking App 信任管理问题漏洞
DeskTime Time Tracking App is a time tracking and efficiency analysis tool developed by DeskTime Inc. Versions of the DeskTime Time Tracking App prior to 1.3.674 contained a trust management vulnerability. This vulnerability stemmed from improper TLS certificate verification, which could allow...
PT-2026-35686
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...