XNUTest

xnutesting Research & Education Only — Proof-of-concept...

PT-2026-20524

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices...

PT-2026-7469

Name of the Vulnerable Software and Affected Versions ZOLL ePCR IOS application affected versions not specified Description The application displays user-supplied data within a WebView without proper sanitization. Specifically, attacker-controlled strings entered into PCR fields such as run numbe...

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

PT-2026-5836

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

CVE-2022-50952 Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...

CVE-2021-33981

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses...

CVE-2025-14023

LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions...

PT-2025-49138

Name of the Vulnerable Software and Affected Versions AirKeyboard iOS App version 1.0.5 Description The AirKeyboard iOS App has a missing authentication mechanism. This allows unauthenticated attackers to send arbitrary keystrokes to a victim’s iOS device in real-time, without requiring user...

EUVD-2025-197765

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication...

CVE-2025-5009 Information Disclosure in Gemini iOS App

In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet...

EUVD-2021-26522

Malware in sbrugna...

EUVD-2017-18495

Malware in sbrugna...

EUVD-2016-3352

Malware in sbrugna...

EUVD-2019-4401

Malware in sbrugna...

EUVD-2017-18500

Malware in sbrugna...

EUVD-2021-20652

Malware in sbrugna...

EUVD-2018-1377

Malware in sbrugna...

EUVD-2020-6589

Malware in sbrugna...

EUVD-2013-6787

Malware in sbrugna...