CVE-2025-9801

A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and...

Sim Studio 安全漏洞

Sim Studio is an AI agent workflow builder from Sim Studio Open Source. A security vulnerability exists in Sim Studio that stems from an arbitrary file upload due to incorrect manipulation of the parameter File in the file apps/sim/app/api/files/upload/route.ts...

Sim Studio 路径遍历漏洞

Sim Studio is an AI agent workflow builder from the Sim Studio open source. A path traversal vulnerability exists in Sim Studio that stems from an incorrect manipulation of the parameter filePath leading to a path traversal attack...

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft

A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency thefts. Noah Michael Urban pleaded guilty to charges related to wire fraud and aggravated identity...

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

A 20-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider " was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges o...

Malicious code in sim-packages (npm)

The package sim-packages was found to contain malicious code...

MAL-2025-33257 Malicious code in sim-packages (npm)

The package sim-packages was found to contain malicious code...

UBUNTU-CVE-2025-38408

In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...

Sim Studio 安全漏洞

Sim Studio is an AI agent workflow builder for Sim Studio open source. A security vulnerability exists in Sim Studio that stems from a lack of authentication in the file apps/sim/app/api/files/upload/route.ts...

Sim Studio 安全漏洞

Sim Studio is an AI agent workflow builder for Sim Studio open source. A security vulnerability exists in Sim Studio 0.1.17 and earlier versions, which stems from improper handling of the parameter filePath in the file apps/sim/app/api/files/parse/route.ts, which could lead to path traversal...

PT-2025-28117 · Unknown · Simstudioai Sim

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim versions up to 0.1.17 Description: A critical issue has been found, affecting the handleLocalFile function of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the filePath argument leads to path traversal...

UBUNTU-CVE-2022-50058

In the Linux kernel, the following vulnerability has been resolved: vdpasimblk: set number of address spaces and virtqueue groups Commit bda324fd037a "vdpasim: control virtqueue support" added two new fields nas, ngroups to vdpasimdevattr, but we forgot to initialize them for vdpasimblk. When...

CVE-2022-50058 vdpa_sim_blk: set number of address spaces and virtqueue groups

In the Linux kernel, the following vulnerability has been resolved: vdpasimblk: set number of address spaces and virtqueue groups Commit bda324fd037a "vdpasim: control virtqueue support" added two new fields nas, ngroups to vdpasimdevattr, but we forgot to initialize them for vdpasimblk. When...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference due to vdpasimblk not initializing the nas and ngroups fields...

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

Phone numbers are a gold mine for SIM swappers. A researcher found how to get this precious piece of information through a clever brute-force attack...

CVE-2024-33031

Memory corruption while processing the update SIM PB records request...

CVE-2023-21268

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-42655

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed...

CVE-2023-42645

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

CVE-2023-42570

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN...