## Key Information Summary

- **Vulnerability Lab**: SEC Consult operates its internal security lab to ensure international excellence in network and application security.
- **Responsible Disclosure Policy**: Follows a responsible disclosure policy, providing necessary information and timeframes to help vendors verify and fix vulnerabilities.
- **CVE Numbering Authority (CNA)**: Official CNA, assigning CVE numbers to all third-party hardware/software vulnerabilities discovered.
- **Contact**: Reach via security-research(at)sec-consult.com; PGP key fingerprint: F9A9D4AF3DC2D298835090252D2DD7B5C6EE883F.

## Latest Vulnerability List

- **Unprotected NFC card manipulation**
  - Name: Leading to free top-up operations in GiroWeb's legacy customer infrastructure
  - Date: October 29, 2025
- **Unauthenticated Local File Disclosure**
  - Name: Vulnerability in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution Systems
  - Date: October 27, 2025
- **Missing Certificate Validation**
  - Name: Leading to remote code execution in CleverControl employee monitoring software
  - Date: September 23, 2025
- **Race Condition in Shopware Voucher Submission**
  - Date: August 7, 2025
- **Reflected Cross-Site Scripting in ONLYOFFICE Docs**
  - Date: June 12, 2025