Why eSIMs Are Replacing Traditional SIM Cards

From SIM swap protection to remote provisioning, eSIMs are quickly replacing physical SIM cards. Here’s why the shift matters for security and convenience...

EUVD-2026-34214

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

PT-2026-46154

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

CVE-2026-35330

Integer Underflow When Handling EAP-SIM/AKA Attributes...

UBUNTU-CVE-2026-35330

Integer Underflow When Handling EAP-SIM/AKA Attributes...

CVE-2025-59440

An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a...

CVE-2025-59440

CVE-2025-59440 — Denial of Service in USIM handling Affected hardware: Samsung mobile and wearable processors (USIM) and associated modems (examples listed in the description: Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modems 5123, 5...

PT-2026-30692

An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a...

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length...

CVE-2022-33248

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http...

EUVD-2025-26509

Malicious code in bioql PyPI...

EUVD-2022-36345

Malicious code in bioql PyPI...

EUVD-2022-36291

Malicious code in bioql PyPI...

U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN

The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security. "This protective intelligence investigation led to the discovery ...

CVE-2025-21027

Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM...

CVE-2025-21027

Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM...

CVE-2025-21027

The vulnerability CVE-2025-21027 affects Samsung Mobile’s ImsService, where improper verification of an intent by a broadcast receiver allows a local attacker to temporarily disable the SIM on devices running versions prior to SMR Sep-2025 Release 1. Root cause: inadequate validation in the ImsSe...

SIMulator: SIM Tracing on a (Pico-)Budget

SIM tracing -- the ability to inspect, modify, and relay communication between a SIM card and modem -- has become a significant technique in cellular network research. It enables essential security- and development-related applications such as fuzzing communication interfaces, extracting session...

CVE-2023-21373

In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Drupal OAuth2 Client 跨站请求伪造漏洞

Drupal OAuth2 Client is an identity module for the Drupal community. A cross-site request forgery vulnerability exists in Drupal OAuth2 Client versions prior to 4.1.3 that stems from cross-site request forgery...