Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/01/26 10:16 a.m.10 views

CVE-2025-59102

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

6.9CVSS0.00275EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/01/26 10:5 a.m.3 views

CVE-2025-59102

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

9.3CVSS5.9AI score0.00572EPSS
Exploits0References4
CVE
CVEadded 2026/01/26 10:4 a.m.10 views

CVE-2025-59098

CVE-2025-59098 describes a trace/debug facility in the dormakaba Access Manager. The trace is exposed via a plain TCP socket with no authentication or encryption, and TraceClient.exe can connect through the web interface to receive debug output. The verbosity is configurable via HTTP(S) with the ...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/01/26 12:0 a.m.8 views

PT-2026-4748

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References4
CNVD
CNVDadded 2020/07/28 12:0 a.m.2 views

Coinkite Coldcard MK1 and Coldcard MK2 Information Disclosure Vulnerabilities

The Coinkite Coldcard MK1 and Coldcard MK2 are both hardware-based bitcoin wallet devices from Coinkite, Inc. An information disclosure vulnerability exists in Coinkite Coldcard MK1 and Coldcard MK2. An attacker could exploit the vulnerability to recover sensitive data, such as PIN and BIP39...

5.3CVSS6.3AI score0.01198EPSS
Exploits1References1
ThreatPost
ThreatPostadded 2014/01/02 2:36 p.m.11 views

Use of 3DES to Encrypt Stolen Target PIN Data Invites Worry

Target Corp.’s admission that encrypted PIN data was stolen in the Black Friday breach was bad news for consumers. For security experts, especially cryptographers, particular exception was taken to the retail giant’s use of Triple DES 3DES encryption to keep the PIN data safe. With all crypto...

6.6AI score
Exploits0References6
ThreatPost
ThreatPostadded 2013/12/27 12:43 p.m.21 views

Encrypted PINs Stolen in Target Data Breach

Target confirmed this morning that encrypted PIN data was stolen in the Black Friday data breach that exposed 40 million accounts to fraud. Spokesperson Molly Snyder said the ongoing forensics investigation confirmed that PIN data was accessed as well, contrary to previous claims made by the reta...

6.5AI score
Exploits0References4
Rows per page
Query Builder