AttackFeed by Joe Wagner | Re: SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App  - Full Disclosure

Re: SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App  – Full Disclosure

Posted on By Joe-W No Comments on Re: SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App  – Full Disclosure
Alert Feeds

 

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29

*Update 2026-04-28:* The vendor contacted us and now provides a patched version v1.3.674 which can be obtained at the
following URL:

https://desktime.com/download
 – Read More  – Full Disclosure 

You may also like

AttackFeed by Joe Wagner | [KIS-2026-04] SmarterMail
Alert Feeds
[KIS-2026-04] SmarterMail
February 22, 2026
AttackFeed by Joe Wagner | [KIS-2026-02] Blesta
Alert Feeds
[KIS-2026-02] Blesta
February 5, 2026
AttackFeed by Joe Wagner | MongoDB v8.3.0 Heap Buffer Underflow in OpenLDAP LMDB mdb_load  - Full Disclosure
Alert Feeds
MongoDB v8.3.0 Heap Buffer Underflow in OpenLDAP LMDB mdb_load  – Full Disclosure
January 6, 2026
AttackFeed by Joe Wagner | Paper-Exploiting XAMPP Installations  - Full Disclosure
Alert Feeds
Paper-Exploiting XAMPP Installations  – Full Disclosure
January 29, 2026

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.