CVE-2025-59098

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

Putting Privacy to the Test: Introducing Red Teaming for Research Data Anonymization

Recently, the data protection practices of researchers in human-computer interaction and elsewhere have gained attention. Initial results suggest that researchers struggle with anonymization, partly due to a lack of clear, actionable guidance. In this work, we propose simulating re-identification...

CVE-2025-59090

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

CVE-2025-59109 UART Leaking Sensitive Data in dormakaba registration unit 9002

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...

CVE-2025-59105 Unencrypted Flash Storage in dormakaba access manager

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVE-2025-59098 Trace Functionality Leaking Sensitive Data in dormakaba access manager

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

EUVD-2025-206362

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the tracking function does not require authentication or encryption, and the transmitted...

EUVD-2026-4550

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

EUVD-2026-4294

Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application...

EUVD-2026-4320

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msggetinq in callee NULL pointer dereference fix. msggetinq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal varia...

EUVD-2026-4360

Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through = 1.6.7...

EUVD-2026-4384

Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through = 1.0.8...

EUVD-2026-4371

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: fro...

EUVD-2026-4394

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

EUVD-2026-4432

Not used...

EUVD-2026-4490

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the...

EUVD-2026-4447

ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...

EUVD-2026-4249

A reflected cross-site scripting XSS vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...