SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App

Kurzinfo

Veroeffentlicht: 2026-04-29 17:43 UTC Importiert: 2026-05-14 18:44 UTC Quelle-ID: full_disc uid_hash: ae6e840061bb165c435ccdf05fc097c00c4b088d803ccaa7ce95e1bb4d37e9ff
Full Disclosure

Inhalt

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29 SEC Consult Vulnerability Lab Security Advisory < 20260427-0 > ======================================================================= title: Missing TLS Certificate Validation leading to RCE product: DeskTime Time Tracking App vulnerable version: 1.3.671 fixed version: - CVE number: CVE-2025-10539 impact: medium homepage: https://desktime.com ...

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2025-10539

 - - - -

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
Full Disclosure

full_disc

 threat_intel - de https://seclists.org/rss/fulldisclosure.rss
Zurueck zur Eintrags-Liste