68 matches found
CVE-2025-59097
The exos 9300 application can be used to configure Access Managers e.g. 92xx, 9230 and 9290. The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via...
CVE-2025-59097
The CVE-2025-59097 issue affects the dormakaba exos 9300 configuration GUI used to push configurations to Access Managers (e.g., 92xx, 9230, 9290). When the user saves a configuration, the SOAP payload is sent to the selected Access Manager without authentication or authorization by default. Whil...
CVE-2025-59097 Unauthenticated SOAP API in dormakaba access manager
The exos 9300 application can be used to configure Access Managers e.g. 92xx, 9230 and 9290. The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via...
CVE-2022-31269
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. This occurs in situations where the CVE-2019-7271 default credentials have been changed...
CVE-2019-12393
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests...
CVE-2019-25242
The CVE covers FaceSentry Access Control System version 6.4.8, where a cross-site request forgery (CSRF) vulnerability enables an attacker to perform administrative actions without user consent by persuading an authenticated user to load a crafted page. The vulnerability targets the web interface...
EUVD-2020-25198
Malware in sbrugna...
EUVD-2020-25193
Malware in sbrugna...
EUVD-2021-22595
Malware in sbrugna...
EUVD-2020-30258
Malware in sbrugna...
EUVD-2020-25196
Malware in sbrugna...
EUVD-2020-25195
Malware in sbrugna...
EUVD-2020-25200
Malware in sbrugna...
EUVD-2022-27716
Malicious code in bioql PyPI...
CVE-2022-22570
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s UA Lite firmware Version 3.8.28.24 and earlier allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later...
Making sure your door access control system is secure: Top 5 things to check
Door access control systems, aka physical access control systems or PACS, also referred to as RFID card or ‘swipe’ card systems, often have a poor reputation for being vulnerable to cloning attacks. Here’s the thing: it’s generally possible to configure your system to be very resistant to card...
PT-2023-24266 · Nissan · Nissan Sylphy Classic
Name of the Vulnerable Software and Affected Versions: Nissan Sylphy Classic version 2021. Description: The remote keyfob system sends the same RF signal for each door-open request, allowing for a replay attack. The vendor claims this issue cannot be reproduced with genuine Nissan parts, citing a...
CVE-2022-37709
Tesla Model 3 V11.02022.4.5.1 6b701552d7a6 Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging...