Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Cvelist
Cvelistadded 2026/01/26 10:6 a.m.28 views

CVE-2025-59109 UART Leaking Sensitive Data in dormakaba registration unit 9002

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...

5.1CVSS0.00456EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/01/26 12:0 a.m.3 views

Dormakaba registration unit 9002 security vulnerabilities

The Dormakaba Registration Units 9002 is a password input panel developed by the American company Dormakaba. There is a security vulnerability associated with the Dormakaba Registration Units 9002; this vulnerability stems from the exposed UART interface, which can leak button press data,...

5.1CVSS7.3AI score0.00456EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/01/17 3:22 a.m.2 views

CVE-2025-69581

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...

5.5CVSS6.5AI score0.00213EPSS
Exploits2References1
ATTACKERKB
ATTACKERKBadded 2026/01/16 12:0 a.m.2 views

CVE-2025-69581

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...

5.5CVSS5.4AI score0.00213EPSS
Exploits2References3
Snyk
Snykadded 2024/07/11 5:40 p.m.3 views

Cross-site Scripting

Overview org.fujion.webjars:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary JavaScript code...

6.4CVSS5.6AI score0.00466EPSS
Exploits0References2
RedHat Linux
RedHat Linuxadded 2024/01/30 3:25 p.m.2 views

xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leadin...

9.8CVSS5.7AI score0.02106EPSS
Exploits0References4
Rows per page
Query Builder