❌

Normal view

Received β€” 27 January 2026 ⏭ Full Disclosure

Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

βœ‡Full Disclosure
27 January 2026 at 05:32

Posted by Yuffie Kisaragi via Fulldisclosure on Jan 26

Dear Art,

Thank you for sharing your detailed evaluation and for pointing out the relevant
sections of the CNA Rules.

Your argument is well reasoned, particularly with respect to the current
guidance on SaaS and exclusively hosted services.

I have forwarded your evaluation to the CNA for further consideration. It will
also be important to understand the vendor’s perspective in light of the points
you raised, especially regarding the...

Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

βœ‡Full Disclosure
27 January 2026 at 05:32

Posted by Marco Ermini via Fulldisclosure on Jan 26

Hello everyone,

Kindly let me introduce myself. This is the first – and potentially, last – message on this mailing list. I am Marco,
the CISO of EQS Group. Kindly allow me to address some of the statements expressed publicly here.

About the Convercent application

Convercent was acquired by OneTrust in 2021, and in turn, EQS has acquired it from OneTrust at the end of 2024. Before
being acquired by EQS, the Convercent application has not...

SEC Consult SA-20260126-2 :: UART Leaking Sensitive Data in dormakaba registration unit 9002 (PIN pad)

βœ‡Full Disclosure
27 January 2026 at 05:30

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 26

SEC Consult Vulnerability Lab Security Advisory < 20260126-2 >
=======================================================================
title: UART Leaking Sensitive Data
Β  Β  Β  Β  Β  Β  product: dormakaba registration unit 9002 (PIN pad)
vulnerable version: <SW0039
Β  Β  Β  fixed version: SW0039
Β  Β  Β  Β  Β CVE number: CVE-2025-59109
Β  Β  Β  Β  Β  Β  Β impact: medium
homepage:...

SEC Consult SA-20260126-1 :: Multiple Critical Vulnerabilities in dormakaba Access Manager

βœ‡Full Disclosure
27 January 2026 at 05:30

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 26

SEC Consult Vulnerability Lab Security Advisory < 20260126-1 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: dormakaba Access Manager
vulnerable version: Multiple firmware and hardware revisions (details below)
fixed version: Multiple firmware and hardware revisions (details below)
Β  Β  Β  Β  Β CVE number: CVE-2025-59097,...

SEC Consult SA-20260126-0 :: Multiple Critical Vulnerabilities in dormakaba Kaba exos 9300

βœ‡Full Disclosure
27 January 2026 at 05:30

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 26

SEC Consult Vulnerability Lab Security Advisory < 20260126-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: dormakaba Kaba exos 9300
vulnerable version: < 4.4.1
fixed version: 4.4.1
CVE number: CVE-2025-59090, CVE-2025-59091, CVE-2025-59092
CVE-2025-59093, CVE-2025-59094, CVE-2025-59095...
❌