163 matches found
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2022-31807
A vulnerability has been identified in Building X - Security Manager Edge Controller ACC-AP All versions. Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a...
CVE-2025-40772
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. Successful exploitation...
CVE-2022-31810
A vulnerability has been identified in SiPass integrated All versions V2.90.3.8. Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow. This could allow an unauthenticated remote attacker to crash...
CVE-2022-31812
A vulnerability has been identified in SiPass integrated All versions V2.95.3.18. Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial...
CVE-2022-31808
A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V2.85.44, SiPass integrated ACC-AP All versions V2.85.43. Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by...
CVE-2025-40774
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications store user passwords encrypted in their database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40774
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications store user passwords encrypted in their database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...
CVE-2025-40772
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. Successful exploitation...
CVE-2025-40774
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications store user passwords encrypted in their database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40774
CVE-2025-40774 affects SiPass integrated prior to v3.0. The vulnerability stems from passwords stored in the server’s database with decryption keys accessible to administrators, enabling password recovery. Exploitation could allow an attacker with admin access to obtain and use valid user passwor...
CVE-2025-40774
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications store user passwords encrypted in their database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...
EUVD-2025-34157
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications store user passwords encrypted in their database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...
CVE-2025-40774
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications store user passwords encrypted in their database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
EUVD-2025-34158
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions < V3.0. Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40773
SiPass integrated (pre-3.0) contains a broken access control vulnerability where the authorization checks are insufficient on the server side, allowing a crafted API request to manipulate data of other users. Reported across multiple feeds (including Red Hat, NVD, CIRCL, and PT Security), with CV...