17 matches found
EUVD-2026-32946
EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw (Broken Access Control) in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary notes without having the required edit permissions for the parent object. Due to a "write first,...
EUVD-2019-4855
Malware in sbrugna...
EUVD-2004-1703
Malware in sbrugna...
EUVD-2018-9524
Malware in sbrugna...
EUVD-2020-29818
Malware in sbrugna...
CVE-2023-42570
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN...
CVE-2022-46593
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wpsstaenrolleepin parameter in the dostaenrolleewifi function...
CVE-2015-3298
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated...
CVE-2025-27606 Element Android PIN autologout bypass
Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to log out the user if they input the wrong PIN more than the configured number of times. An attacker with physical access to a device can exploit this to...
PT-2025-4564 · Marcus Downing · Site Pin
The vulnerable software is Marcus Downing Site PIN, with versions from n/a through 1.3 being affected. The vulnerability is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This type of vulnerability can be exploit...
CVE-2020-8988
The CVE-2020-8988 entry concerns the Voatz Android app (2020-01-01). The documented vulnerability is a limited PIN space: only 100 million possible PINs, which enables offline brute-forcing of login credentials and voting history after an attacker gains root access to copy the local database. The...
CVE-2014-5381
Grand MA 300 allows a brute-force attack on the PIN...
Code injection
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN...
CVE-2015-7287
The CVE-2015-7287 issue affects CSL DualCom GPRS CS2300-R alarm signaling boards (firmware 1.25–3.53). A non-unique, default PIN (001984) is used across installations, enabling remote command execution via SMS when knowledge of the PIN is included in a message. Impacted devices could be controlle...
Attack Tool Released for WPS PIN Vulnerability
Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver,...
Easy Router PIN Guessing with new WiFi Setup vulnerability
There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much...
CVE-2002-2122
Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory...