274 matches found

RedhatCVE
added 2025/05/23 9:47 a.m., 8 views

CVE-2024-34786

UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone not using UniFi Network Application that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio. This vulnerability is fixed in UniFi iOS app...

CVSS 4.8 | AI score 6.4 | EPSS 0.00196
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:40 a.m., 8 views

CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...

CVSS 7.5 | AI score 6.5 | EPSS 0.00552
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:36 a.m., 7 views

CVE-2024-1609

In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation...

CVSS 8.7 | AI score 7 | EPSS 0.00466
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:56 a.m., 7 views

CVE-2023-33757

A lack of SSL certificate validation in Splicecom iPCS iOS App v1.3.4, iPCS2 iOS App v2.8 and before, and iPCS Android App v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack...

CVSS 5.9 | AI score 6.8 | EPSS 0.00287
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 4:34 a.m., 10 views

CVE-2023-47392

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request...

CVSS 5.3 | AI score 6.8 | EPSS 0.005
Exploits: 0

RedhatCVE
added 2025/05/23 3:40 a.m., 6 views

CVE-2023-29501

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to...

CVSS 4.8 | AI score 6.5 | EPSS 0.00281
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:17 a.m., 5 views

CVE-2023-23131

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security ATS Settings...

CVSS 7.5 | AI score 6.8 | EPSS 0.00593
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:17 a.m., 6 views

CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

CVSS 7.5 | AI score 6.8 | EPSS 0.00603
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:28 a.m., 12 views

CVE-2023-3615

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection...

CVSS 8.1 | AI score 6.5 | EPSS 0.00289
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 1:58 a.m., 10 views

CVE-2023-47393

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors...

CVSS 5.3 | AI score 6.5 | EPSS 0.005
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:19 p.m., 8 views

CVE-2021-42111

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code...

CVSS 5.5 | AI score 7.1 | EPSS 0.00239
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:30 p.m., 6 views

CVE-2021-27189

The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation...

CVSS 5.9 | AI score 6.6 | EPSS 0.00987
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:20 p.m., 8 views

CVE-2020-14451

An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013...

CVSS 7.5 | AI score 6.5 | EPSS 0.0112
Exploits: 0

RedhatCVE
added 2025/05/22 3:51 p.m., 8 views

CVE-2020-12130

The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function...

CVSS 6.1 | AI score 5.6 | EPSS 0.00686
Exploits: 2

RedhatCVE
added 2025/05/22 8:55 a.m., 14 views

CVE-2019-8791

An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect...

CVSS 6.1 | AI score 5.7 | EPSS 0.0112
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:34 a.m., 9 views

CVE-2019-15614

Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...

CVSS 5.4 | AI score 5.6 | EPSS 0.00783
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:11 a.m., 7 views

CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when searching, e.g., for federated users or registering for push notifications...

CVSS 4.9 | AI score 6.5 | EPSS 0.01081
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:54 a.m., 10 views

CVE-2019-5927

Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors...

CVSS 7.5 | AI score 6.9 | EPSS 0.03027
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 12:44 a.m., 7 views

CVE-2012-5185

Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer formerly Files HD app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access...

CVSS 7.5 | AI score 6.7 | EPSS 0.01839
Exploits: 0 | References: 1

Malwarebytes
added 2025/03/17 8:2 a.m., 9 views

A week in security (March 10 – March 16)

Last week on Malwarebytes Labs: Research on iOS apps shows widespread exposure of secrets; Don’t let your kids on Roblox if you’re not comfortable, says Roblox CEO; Update your iPhone now: Apple patches vulnerability used in "extremely sophisticated attacks"; The dark side of sports betting: How...

AI score 6.6
Exploits: 0