41 matches found
CVE-2026-49317
CVE-2026-49317 affects the Infotainment Digital Round on the Indian Scout Bobber + Tech 2025 model year. The vulnerability arises when the boot window relies on Wireless Control Module (WCM) traffic as a proxy for immobilizer presence. If no WCM messages are observed (e.g., by silencing W...
Indian Motorcycle Scout Bobber + Tech security vulnerability
The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese Indian Motorcycle company. The 2025 version of the Indian Motorcycle Scout Bobber + Tech has security vulnerabilities. These vulnerabilities stem from an error in the behavior sequence of the...
CVE-2025-68712
SpSoft AppLock com.sp.protector.free 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce...
PIN bypass in PassCodeActivity via back button
None...
EUVD-2026-28547
Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...
Astra Linux - vulnerability in opensc
A flaw was discovered in OpenSC packages that could allow for a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, especially for OS...
CVE-2026-26722
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality...
CVE-2025-59098
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...
CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
CVE-2025-57197
In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the...
CVE-2025-46414
The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...
PT-2025-32370 · Unknown · Registered Product
Name of the Vulnerable Software and Affected Versions: versions prior to April 6, 2025 Description: The product does not limit the number of attempts for entering the correct PIN for a registered product, potentially allowing an attacker to gain unauthorized access using brute-force methods if th...
TSplus Remote Access Admin Tool security vulnerability
The TSplus Remote Access Admin Tool is a tool for centralized configuration and administration of the TSplus Remote Access Server from TSplus France. A security vulnerability exists in versions prior to TSplus Remote Access Admin Tool v18.40.6.17, which stems from an unsalted PIN hash stored in t...
CVE-2014-5381
Grand MA 300 allows a brute-force attack on the PIN...
Element Android security vulnerability
Element Android is an Android Matrix client for the open source Element. A security vulnerability exists in Element Android version 1.6.32 and earlier, which stems from a failure to log out a user when entering an incorrect PIN more than a configured number of times, which could lead to an attacke...
Q-Free MAXTIME Suite security vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from the use of weak authentication in the PIN authentication mechanism. An attacker exploiting this...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by an attacker to view saved passwords without performing the required device PIN authentication...
PT-2024-10740 · One2Track · One2Track
Name of the Vulnerable Software and Affected Versions: One2Track version 2019-12-08 Description: An issue was discovered where any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device produces a "Remove PIN and restart!" message and cannot be used, making...
Kaiten security vulnerability
Kaiten is an employee management platform from Kaiten Inc. A security vulnerability exists in Kaiten version 57.131.12 and prior versions, which stems from a vulnerability that allows an attacker to bypass the PIN authentication mechanism, enabling the attacker to perform a brute force attack to...
KioWare security vulnerability
KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to specific interfaces. A security vulnerability exists in KioWare version 8.34 and prior versions, which stems from a vulnerability that allows brute force decryption of a PIN...