Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Cvelist
Cvelistadded 2018/07/13 8:0 p.m.19 views

CVE-2016-6548 Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token

The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account...

9.6AI score0.03707EPSS
Exploits1References3
CVE
CVEadded 2018/07/13 8:0 p.m.36 views

CVE-2016-6548

The CVE-2016-6548 entry concerns the Zizai Tech Nut mobile app, where HTTP requests leak the user’s authenticated session token in the URL. This exposes the session token to network-level observers, enabling potential account takeover since the token can be reused to access the user’s account. Th...

9.8CVSS9.6AI score0.03707EPSS
Exploits1References3Affected Software1
CERT
CERTadded 2016/10/25 12:0 a.m.41 views

Zizai Tech Nut contains multiple vulnerabilities

Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547The Nut mobile app stores the account password used to authenticate to the cloud API in...

9.8CVSS6.8AI score0.03707EPSS
Exploits3References2
Rows per page
Query Builder