
274 matches found

Malwarebytes
added 2025/03/14 3:29 p.m., 14 views

Research on iOS apps shows widespread exposure of secrets

Researchers found that most of the apps available on Apple’s App Store leak at least one hard-coded secret. The researchers looked at 156,000 iOS apps and discovered more than 815,000 hardcoded secrets, including very sensitive secrets like keys to cloud storage, various Application Programming...

7.3 AI score
Exploits: 0
RedhatCVE
added 2025/02/05 3:28 a.m., 7 views

CVE-2024-45205

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point not using UniFi Network Application could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App Version 10.17.7 and...

7.1 CVSS, 6.8 AI score, 0.00122 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/01/27 12:0 a.m., 11 views

CVE-2024-56950

An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link...

0.0031 EPSS
Exploits: 0, References: 1
NVD
added 2024/12/25 4:15 a.m., 19 views

CVE-2024-1609

In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation...

8.7 CVSS, 0.00466 EPSS
Exploits: 0, References: 1
NVD
added 2024/12/04 2:15 a.m., 28 views

CVE-2024-45205

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point not using UniFi Network Application could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App Version 10.17.7 and...

7.1 CVSS, 0.00122 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/12/04 1:6 a.m., 12 views

CVE-2024-45205

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point not using UniFi Network Application could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App Version 10.17.7 and...

7.1 CVSS, 7.1 AI score, 0.00122 EPSS
Exploits: 0, References: 1
CVE
added 2024/12/04 1:6 a.m., 96 views

CVE-2024-45205

The CVE-2024-45205 entry affects the UniFi iOS App (versions

7.1 CVSS, 7.1 AI score, 0.00122 EPSS
Exploits: 0, References: 1
NVD
added 2024/07/09 2:15 a.m., 23 views

CVE-2024-34786

UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone not using UniFi Network Application that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio. This vulnerability is fixed in UniFi iOS app...

4.8 CVSS, 0.00196 EPSS
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2024/06/28 4:18 a.m., 2 views

"Piccoma" App uses a hard-coded API key for an external service

Overview "Piccoma" App for Android and "Piccoma" App for iOS provided by Kakao piccoma Corp. use a hard-coded API key for an external service CWE-798. Yoshihito Sakai of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

4 CVSS, 6.4 AI score, 0.00169 EPSS
Exploits: 0, References: 5
OSV
added 2024/03/05 11:15 p.m., 2 views

CVE-2023-48644

An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on...

6.1 CVSS, 5.8 AI score, 0.00312 EPSS
Exploits: 0, References: 2
OSV
added 2024/02/08 8:15 p.m., 6 views

CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...

7.5 CVSS, 5.8 AI score, 0.00552 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2024/02/08 12:0 a.m., 11 views

CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...

7.2 AI score, 0.00552 EPSS
Exploits: 1, References: 2
Cvelist
added 2024/02/08 12:0 a.m., 23 views

CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...

7.4 AI score, 0.00552 EPSS
Exploits: 1, References: 2
NVD
added 2024/01/25 8:15 a.m., 22 views

CVE-2023-33757

A lack of SSL certificate validation in Splicecom iPCS iOS App v1.3.4, iPCS2 iOS App v2.8 and before, and iPCS Android App v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack...

5.9 CVSS, 5.6 AI score, 0.00287 EPSS
Exploits: 1, References: 1
Prion
added 2024/01/25 8:15 a.m., 19 views

Design/Logic Flaw

A lack of SSL certificate validation in Splicecom iPCS iOS App v1.3.4, iPCS2 iOS App v2.8 and before, and iPCS Android App v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack...

2.6 CVSS, 7 AI score, 0.00287 EPSS
Exploits: 1, References: 1, Affected Software: 2
Cvelist
added 2024/01/25 12:0 a.m., 28 views

CVE-2023-33757

A lack of SSL certificate validation in Splicecom iPCS iOS App v1.3.4, iPCS2 iOS App v2.8 and before, and iPCS Android App v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack...

5.8 AI score, 0.00287 EPSS
Exploits: 1, References: 1
OSV
added 2023/12/13 11:15 p.m., 4 views

CVE-2023-43583

Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access...

4.9 CVSS, 5.8 AI score
Exploits: 0, References: 1
OSV
added 2023/12/13 11:15 p.m., 1 views

CVE-2023-43585

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access...

6.5 CVSS, 5.8 AI score, 0.00599 EPSS
Exploits: 0, References: 1
NVD
added 2023/11/22 7:15 a.m., 15 views

CVE-2023-47392

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request...

5.3 CVSS, 0.005 EPSS
Exploits: 0, References: 1
Prion
added 2023/11/22 7:15 a.m., 13 views

Server side request forgery (ssrf)

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request...

5 CVSS, 7 AI score, 0.005 EPSS
Exploits: 0, References: 1, Affected Software: 1