Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

19 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-23639

Malicious code in bioql PyPI...

5.4CVSS5.1AI score0.00152EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-23640

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00417EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2023/06/29 6:56 p.m.146 views

Exploit for Use After Free in Arm Avalon_Gpu_Kernel_Driver

Exploit for CVE-2022-46395 to run on FireTV 2nd gen Cube Thi...

8.8CVSS8.9AI score0.477EPSS
Exploits3
GithubExploit
GithubExploitadded 2023/06/29 6:54 p.m.152 views

Exploit for Use After Free in Arm Avalon_Gpu_Kernel_Driver

Exploit for CVE-2022-46395 to run on FireTV 3rd gen Cube Thi...

8.8CVSS8.9AI score0.477EPSS
Exploits3
NVD
NVDadded 2023/05/03 1:15 p.m.9 views

CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

8.8CVSS7.5AI score0.00098EPSS
Exploits0References1
OSV
OSVadded 2023/05/03 1:15 p.m.0 views

CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

8.8CVSS7.3AI score
Exploits0References1
NVD
NVDadded 2023/05/03 1:15 p.m.6 views

CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...

6.1CVSS5.2AI score0.00417EPSS
Exploits0References1
Prion
Prionadded 2023/05/03 1:15 p.m.15 views

Input validation

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

5.8CVSS8.6AI score0.00098EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2023/05/03 1:15 p.m.10 views

Code injection

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...

5.8CVSS6.4AI score0.00417EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2023/05/03 12:33 p.m.35 views

CVE-2023-1385

CVE-2023-1385 describes an improper JPAKE implementation that allows offline PIN brute-forcing due to initializing random values to a known value, enabling unauthorized authentication to amzn.lightning services. Affected: Amazon Fire TV Stick 3rd gen before 6.2.9.5 and Insignia TV with FireOS 7.6...

8.8CVSS8.6AI score0.00098EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2023/05/03 12:33 p.m.16 views

CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

7.1CVSS8.9AI score0.00098EPSS
Exploits0References1
NVD
NVDadded 2023/05/03 12:16 p.m.10 views

CVE-2023-1383

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with Fire...

5.4CVSS5.4AI score0.00152EPSS
Exploits0References1
Prion
Prionadded 2023/05/03 12:16 p.m.29 views

Input validation

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with Fire...

3.3CVSS4.6AI score0.00152EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2023/05/03 12:10 p.m.35 views

CVE-2023-1384

The CVE-2023-1384 issue affects Amazon Fire TV Stick 3rd-gen devices (pre-6.2.9.5) and Insignia FireOS TVs (pre-7.6.3.3). The root cause is improper sanitization of the source parameter in the setMediaSource function of the amzn.thin.pl service, which can allow arbitrary JavaScript execution. Rem...

6.1CVSS6.4AI score0.00417EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2023/05/03 12:10 p.m.15 views

CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...

4.3CVSS6.6AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/05/03 11:42 a.m.15 views

CVE-2023-1383

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with Fire...

5.4CVSS5.7AI score0.00152EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2023/04/13 1:25 p.m.599 views

Exploit for Use After Free in Arm Bifrost_Gpu_Kernel_Driver

Exploit for CVE-2022-38181 to run on FireTV 3rd gen Cube Thi...

8.8CVSS9AI score0.25025EPSS
Exploits4
GithubExploit
GithubExploitadded 2023/04/13 1:19 p.m.369 views

Exploit for Use After Free in Arm Bifrost_Gpu_Kernel_Driver

Exploit for CVE-2022-38181 for FireTV 2nd gen Cube This is a...

8.8CVSS8.9AI score0.25025EPSS
Exploits4
Packet Storm
Packet Stormadded 2019/02/08 12:0 a.m.60 views

Amazon FireOS 5.3.6.3 Man-In-The-Middle

Original blog post here: https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/ SUMMARY The FireOS operating system provided by Amazon for Fire tablet devices can be injected with malicious content by an MITM attacker. An attacker can also...

7.5AI score0.0024EPSS
Exploits2
Rows per page
Query Builder