261 matches found
CVE-2025-66548
The Nextcloud Deck app allows spoofing file extensions by using RTLO characters, causing a mismatch between the displayed and actual extension. Affected versions are prior to 1.12.7, 1.14.4, and 1.15.1; fixes are in 1.12.7, 1.14.4, and 1.15.1. Exploitation details are not provided in the supplied...
CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...
Deck app allows to spoof file extensions by using RTLO characters
None...
Deck app allowed user with "Can share" permission to modify permissions of other non-owners
None...
PT-2025-49299
Name of the Vulnerable Software and Affected Versions Nextcloud Deck versions prior to 1.14.6 Nextcloud Deck versions prior to 1.15.2 Description Nextcloud Deck is a kanban style organization tool for personal and team project management integrated with Nextcloud. A flaw in the permission logic...
PT-2025-49297
Name of the Vulnerable Software and Affected Versions Nextcloud Deck versions prior to 1.12.7 Nextcloud Deck versions prior to 1.14.4 Nextcloud Deck versions prior to 1.15.1 Description Nextcloud Deck is a kanban style organization tool for personal planning and project organization integrated wi...
Deck 安全漏洞
Deck is a Kanban style organization tool open-sourced by Nextcloud. Designed for personal planning and project organization for teams integrating with Nextcloud. A security vulnerability exists in Deck versions prior to 1.12.7, prior to 1.14.4, and prior to 1.15.1, which stems from a file extensi...
CVE-2025-34501
Deck Mate 2 ships with static, hard-coded credentials for the root shell and web UI, and exposes multiple management services by default (SSH, HTTP, Telnet, SMB, X11). An attacker with local or near-local access (e.g., USB or Ethernet ports under the table) can login as admin and gain full contro...
Light & Wonder Deck Mate 安全漏洞
Light & Wonder Deck Mate is an automated licensing device from Light & Wonder UK. A security vulnerability exists in the Light & Wonder Deck Mate that stems from the use of hard-coded credentials and the enabling of multiple management services by default, which could lead to unauthorized...
PT-2025-44802
Name of the Vulnerable Software and Affected Versions Deck Mate 2 affected versions not specified Description Deck Mate 2 is shipped with pre-set, unchanging credentials for both the root shell and the web user interface. Multiple management services, including SSH, HTTP, Telnet, SMB, and X11, ar...
CVE-2025-34503
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...
CVE-2025-34503
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...
CVE-2025-34503 Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...
CVE-2025-34502
The CVE-2025-34502 entry affects Deck Mate 2 by lacking a verified secure-boot chain and runtime integrity validation for its controller and display modules. This allows a physically proximate attacker to modify or replace the bootloader, kernel, or filesystem, enabling persistent code execution ...
CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
CVE-2025-34500 Shuffle Master Deck Mate 2 Insecure Update Chain
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...
CVE-2025-34500 Shuffle Master Deck Mate 2 Insecure Update Chain
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...
CVE-2025-34500
CVE-2025-34500 affects Deck Mate 2. The firmware update mechanism accepts unsigned packages, uses a single hard-coded AES key for encryption, and applies a truncated HMAC for integrity, enabling an attacker with USB/update-interface access to craft/modify firmware to execute arbitrary code as roo...
PT-2025-43689
Name of the Vulnerable Software and Affected Versions Deck Mate 1 affected versions not specified Description Deck Mate 1 executes firmware directly from an external EEPROM without verifying its authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to execu...