Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/01/GHSA-2hff-rr39-hph8/GHSA-2hff-rr39-hph8.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hff-rr39-hph8",
+  "modified": "2026-01-26T12:30:28Z",
+  "published": "2026-01-26T12:30:27Z",
+  "aliases": [
+    "CVE-2025-41083"
+  ],
+  "details": "Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious website. This behavior can be used to redirect clients to endpoints controlled by the attacker.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41083"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-altitude-communication-server"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-26T10:16:06Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2r8v-44qx-992x/GHSA-2r8v-44qx-992x.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2r8v-44qx-992x",
+  "modified": "2026-01-26T12:30:28Z",
+  "published": "2026-01-26T12:30:28Z",
+  "aliases": [
+    "CVE-2025-59099"
+  ],
+  "details": "The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. \n\nHence, it is possible to retrieve all files stored on the file system, including the SQLite database Database.sq3, containing badge information and the corresponding PIN codes. Additionally, when trying to access certain files, the web server crashes and becomes unreachable for about 60 seconds. This can be abused to continuously send the request and cause denial of service.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59099"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dkaccess"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dormakaba"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dormakabagroup.com/en/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-35"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-26T10:16:07Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2v5c-7g3g-hfx3/GHSA-2v5c-7g3g-hfx3.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2v5c-7g3g-hfx3",
+  "modified": "2026-01-26T12:30:28Z",
+  "published": "2026-01-26T12:30:28Z",
+  "aliases": [
+    "CVE-2025-59096"
+  ],
+  "details": "The default password for the extended admin user mode in the application U9ExosAdmin.exe (\"Kaba 9300 Administration\") is hard-coded in multiple locations as well as documented in the locally stored user documentation.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59096"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dkexos"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dormakaba"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dormakabagroup.com/en/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-798"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-26T10:16:07Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2xq2-rx3r-pfq9/GHSA-2xq2-rx3r-pfq9.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2xq2-rx3r-pfq9",
+  "modified": "2026-01-26T12:30:28Z",
+  "published": "2026-01-26T12:30:28Z",
+  "aliases": [
+    "CVE-2025-59090"
+  ],
+  "details": "On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59090"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dkexos"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dormakaba"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dormakabagroup.com/en/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-26T10:16:06Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-4m2m-3rvh-cp5p/GHSA-4m2m-3rvh-cp5p.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4m2m-3rvh-cp5p",
+  "modified": "2026-01-26T12:30:29Z",
+  "published": "2026-01-26T12:30:29Z",
+  "aliases": [
+    "CVE-2025-59109"
+  ],
+  "details": "The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an attacker is easily able to remove the device, install a hardware implant which connects to the UART and exfiltrates the data exposed via UART to another system (e.g. via WiFi).",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59109"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dkaccess"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dormakaba"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dormakabagroup.com/en/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1295"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-26T10:16:08Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-56rh-rcgf-8x9j/GHSA-56rh-rcgf-8x9j.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-56rh-rcgf-8x9j",
+  "modified": "2026-01-26T12:30:28Z",
+  "published": "2026-01-26T12:30:28Z",
+  "aliases": [
+    "CVE-2025-59095"
+  ],
+  "details": "The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function \"EncryptAndDecrypt\" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key (cryptoKey) to transform each character of the input string. However, it's important to note that this implementation does not provide strong encryption and should not be considered secure for sensitive data. It's more of a custom encryption approach rather than a common algorithm used in cryptographic applications. The key itself is static and based on the founder's name of the company. The functionality is for example used to encrypt the user PINs before storing them in the MSSQL database.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59095"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dkexos"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dormakaba"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dormakabagroup.com/en/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-798"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-26T10:16:06Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-58xh-r44m-24vv/GHSA-58xh-r44m-24vv.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-58xh-r44m-24vv",
+  "modified": "2026-01-26T12:30:28Z",
+  "published": "2026-01-26T12:30:28Z",
+  "aliases": [
+    "CVE-2025-59097"
+  ],
+  "details": "The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via SOAP. The SOAP request is sent without any prior authentication or authorization by default. Though authentication and authorization can be configured using IPsec for 92xx-K5 devices and mTLS for 92xx-K7 devices, it is not enabled by default and must therefore be activated with additional steps.\n\nThis insecure default allows an attacker with network level access to completely control the whole environment. An attacker is for example easily able to conduct the following tasks without prior authentication:\n- Re-configure Access Managers (e.g. remove alarming system requirements)\n- Freely re-configure the inputs and outputs\n- Open all connected doors permanently\n- Open all doors for a defined time interval\n- Change the admin password\n- and many more\n\nNetwork level access can be gained due to an insufficient network segmentation as well as missing LAN firewalls. Devices with an insecure configuration have been identified to be directly exposed to the internet.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59097"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dkaccess"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/dormakaba"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dormakabagroup.com/en/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-26T10:16:07Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-67vw-jjgw-xcvq/GHSA-67vw-jjgw-xcvq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-67vw-jjgw-xcvq",
+  "modified": "2026-01-26T12:30:28Z",
+  "published": "2026-01-26T12:30:27Z",
+  "aliases": [
+    "CVE-2025-41082"
+  ],
+  "details": "Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using  Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41082"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-altitude-communication-server"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-444"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-26T10:16:05Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-77p9-w6pj-rmvg/GHSA-77p9-w6pj-rmvg.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-77p9-w6pj-rmvg",
+  "modified": "2026-01-26T12:30:29Z",
+  "published": "2026-01-26T12:30:29Z",
+  "aliases": [
+    "CVE-2016-15057"
+  ],
+  "details": "** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum.\n\nThis issue affects Apache Continuum: all versions.\n\nAttackers with access to the installations REST API can use this to invoke arbitrary commands on the server.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-15057"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/hbvf1ztqw2kv51khvzm5nk3mml3nm4z1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-26T12:15:46Z"
+  }
+}