Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

EUVD
EUVDadded 2025/10/21 12:31 p.m.4 views

EUVD-2025-35159

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...

6.6AI score0.00887EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/10/21 11:48 a.m.2 views

CVE-2025-10641 Unencrypted cleartext communication in EfficientLab WorkExaminer Professional

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...

6.4AI score0.00297EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/10/21 11:43 a.m.8 views

CVE-2025-10640 Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...

0.00887EPSS
Exploits0References1
CVE
CVEadded 2025/10/21 11:43 a.m.13 views

CVE-2025-10640

CVE-2025-10640 affects EfficientLab’s WorkExaminer Professional (server components). An unauthenticated attacker who can reach TCP port 12306 can bypass server-side authentication due to a missing validation in the protocol call to an MSSQL stored procedure; the client-side validation is relied u...

9.8CVSS6.7AI score0.00887EPSS
Exploits0References2
CVE
CVEadded 2025/10/21 11:36 a.m.16 views

CVE-2025-10639

CVE-2025-10639 affects WorkExaminer Professional Server. The FTP service on port 12304 uses weak hardcoded credentials, allowing an attacker with network access to login, modify/read data, and achieve remote code execution as NT AUTHORITY\SYSTEM by exchanging accessible binaries in the WorkExamin...

8.8CVSS7.8AI score0.00879EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/10/21 11:36 a.m.10 views

CVE-2025-10639 Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code...

0.00879EPSS
Exploits0References1
Rows per page
Query Builder