Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by Security Risk Advisors researchers.

All security vulnerabilities that are acquired by Security Risk Advisors are handled according to the SRA Disclosure Policy.

After the vendor has publicly issued a patch or fix within the agreed-upon timeframe, SRA will release a public advisory disclosing its findings, along with the timeframe from disclosure to advisory publication.

NAME: Brivo Access Control Systems
CVE ID:
  CVE-2023-6259
  CVE-2023-6260
VULNERABILITY TYPE:
  Local Access to Sensitive Data
  Web UI OS Command Injection
AFFECTS:
  Models ACS100, ACS300. Models ACS6000 and ACSSDC may also be affected.
  Versions from 5.2.4 but before 6.2.4.3. Versions prior to 5.2.4 may also be affected.

NAME: Quest Coexistence Manager for Notes
CVE ID:
  CVE-2025-12874
VULNERABILITY TYPE:
  HTTP Request Smuggling in Quest Coexistence Manager for Notes
AFFECTS:
  Quest Coexistence Manager for Notes 3.8.2045

NAME: Milner ImageDirector Capture
CVE ID:
  CVE-2025-58740
  CVE-2025-58741
  CVE-2025-58742
  CVE-2025-58743
  CVE-2025-58744
VULNERABILITY TYPE:
  Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector
  Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture
  Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture
  Insecure Encryption Algorithm Enables Brute-Force of Database Credentials in Milner ImageDirector Capture
  Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture
AFFECTS:
  Milner ImageDirector Capture from 7.0.9 but before 7.6.3.25808. Versions prior to 7.0.9 may also be affected.