5 matches found
CVE-2025-10539
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
CVE-2025-10539 Improper TLS Certificate Validation RCE via Malicious Update in DeskTime Time Tracking App
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
CVE-2025-10539 Improper TLS Certificate Validation RCE via Malicious Update in DeskTime Time Tracking App
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
PT-2026-35686
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
DeskTime Time Tracking App 信任管理问题漏洞
DeskTime Time Tracking App is a time tracking and efficiency analysis tool developed by DeskTime Inc. Versions of the DeskTime Time Tracking App prior to 1.3.674 contained a trust management vulnerability. This vulnerability stemmed from improper TLS certificate verification, which could allow...