Lucene search
K

87 matches found

Cvelist
Cvelist
added 2025/06/24 7:23 p.m.7 views

CVE-2025-49853 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries...

9.3CVSS0.00445EPSS
Exploits0References1
CVE
CVE
added 2025/06/24 7:23 p.m.35 views

CVE-2025-49853

CVE-2025-49853 affects ControlID iDSecure On-premises versions 4.7.48.0 and prior. Root cause is an SQL injection vulnerability that could leak arbitrary information and allow insertion of arbitrary SQL syntax into queries, impacting confidentiality and integrity (CVSS 3.1/4.0 CRITICAL). Remediat...

9.3CVSS7.4AI score0.00445EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/24 7:19 p.m.8 views

CVE-2025-49852 Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers...

8.7CVSS0.00357EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/24 7:19 p.m.3 views

CVE-2025-49852 Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers...

8.7CVSS6.3AI score0.00357EPSS
Exploits0References1
CVE
CVE
added 2025/06/24 7:19 p.m.19 views

CVE-2025-49852

CVE-2025-49852 affects ControlID iDSecure On-premises (versions 4.7.48.0 and prior). The root cause is a Server-Side Request Forgery (SSRF) vulnerability that could allow an unauthenticated attacker to retrieve information from other servers. Public advisories (CISA ICS, Red Hat, CVE list, NVD) c...

8.7CVSS6.3AI score0.00357EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/24 7:17 p.m.3 views

CVE-2025-49851 Improper Authentication in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product...

8.7CVSS6.8AI score0.0048EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/24 7:17 p.m.8 views

CVE-2025-49851 Improper Authentication in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product...

8.7CVSS0.0048EPSS
Exploits0References1
CVE
CVE
added 2025/06/24 7:17 p.m.28 views

CVE-2025-49851

The CVE-2025-49851 entry concerns ControlID iDSecure On-premises, affected versions 4.7.48.0 and prior. The root cause is an improper authentication vulnerability that could let an attacker bypass authentication and gain permissions in the product. Public sources in the connected documents corrob...

9.8CVSS6.5AI score0.0048EPSS
Exploits0References1Affected Software1
CISA
CISA
added 2025/06/24 12:0 p.m.13 views

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems ICS advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-175-01 Kaleris Navis N4 Terminal Operating System ICSA-25-175-02 Delta Electronics...

7AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.8 views

PT-2025-26775 · Control Id · Control Id Idsecure

Name of the Vulnerable Software and Affected Versions: ControlID iDSecure On-premises versions 4.7.48.0 and prior Description: The issue allows attackers to perform SQL injections, which could enable them to leak arbitrary information and insert arbitrary SQL syntax into SQL queries, giving them...

9.3CVSS7.5AI score0.00445EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.4 views

Control iD iDSecure On-premises 授权问题漏洞

Control iD iDSecure On-premises is an access control software from Control iD, a Brazilian company, used to manage personnel and vehicle access. An authorization issue vulnerability exists in Control iD iDSecure On-premises version 4.7.48.0 and prior versions, which stems from improper...

9.8CVSS6.8AI score0.0048EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.7 views

Control iD iDSecure On-premises 注入漏洞

Control iD iDSecure On-premises is an access control software from Control iD, a Brazilian company, used to manage personnel and vehicle access. A SQL injection vulnerability exists in Control iD iDSecure On-premises version 4.7.48.0 and prior versions, which originates from SQL injection and cou...

9.3CVSS7.9AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.4 views

Control iD iDSecure On-premises 代码问题漏洞

Control iD iDSecure On-premises is an access control software from Control iD, a Brazilian company, used to manage personnel and vehicle access. A code issue vulnerability exists in Control iD iDSecure On-premises version 4.7.48.0 and prior versions, which stems from server-side request forgery a...

8.7CVSS6.8AI score0.00357EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.6 views

PT-2025-26772 · Control Id · Control Id Idsecure

Name of the Vulnerable Software and Affected Versions: ControlID iDSecure On-premises versions 4.7.48.0 and prior Description: The issue is related to an Improper Authentication vulnerability, which could allow an attacker to bypass authentication and gain permissions in the product. This poses a...

9.8CVSS6.4AI score0.0048EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 3:52 a.m.10 views

CVE-2023-33370

An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service...

7.5CVSS6.8AI score0.00629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:52 a.m.10 views

CVE-2023-33367

A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution...

9.8CVSS8.6AI score0.01068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:4 a.m.4 views

CVE-2023-2044

A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the...

6.1CVSS6.1AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:49 a.m.11 views

CVE-2023-6329

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative use...

9.8CVSS7.1AI score0.65237EPSS
Exploits6References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.297 views

Control ID IDSecure Authentication Bypass

class MetasploitModule 'Control iD iDSecure Authentication Bypass CVE-2023-6329', 'Description' = %q This module exploits an improper access control vulnerability CVE-2023-6329 in Control iD iDSecure 'Michael Heinzl', MSF Module 'Tenable' Discovery and PoC , 'References' = 'CVE', '2023-6329',...

9.8CVSS7.1AI score0.65237EPSS
Exploits6
Metasploit
Metasploit
added 2024/08/27 6:53 p.m.299 views

Control iD iDSecure Authentication Bypass (CVE-2023-6329)

This module exploits an improper access control vulnerability CVE-2023-6329 in Control iD iDSecure use auxiliary/admin/http/idsecureauthbypass msf auxiliaryidsecureauthbypass show actions ...actions... msf auxiliaryidsecureauthbypass set ACTION msf auxiliaryidsecureauthbypass show options ...show...

9.8CVSS7.3AI score0.65237EPSS
Exploits6
Rows per page
Query Builder