5 matches found
CVE-2025-59097 Unauthenticated SOAP API in dormakaba access manager
The exos 9300 application can be used to configure Access Managers e.g. 92xx, 9230 and 9290. The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via...
CVE-2025-52338
An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a brute-force attack...
CVE-2025-52338
CVE-2025-52338 affects LogicData eCommerce Framework (v5.0.9.7000). The vulnerability stems from a misconfigured default in the password reset function, enabling an attacker to bypass authentication and compromise user accounts via brute-force attempts. CVSS v3.1 base score 5.3 (Network, Low atta...
xml-crypto security vulnerability
xml-crypto is a digital signature and cryptography library distributed on npm. A security vulnerability in xml-crypto versions 4.0.0 through 6.0.0, which stems from a default configuration that does not check the authorization of the signer, allows attackers to bypass XML signature verification...
CVE-2017-9369
In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...