CVE-2025-59440

An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-64181 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

CVE-2025-59440

An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a...

SAMSUNG多款产品 安全漏洞

SAMSUNG Exynos 980 and other products are manufactured by Samsung Electronics of South Korea. The SAMSUNG Exynos 980 is the first 5G-integrated SOC product, as well as the world’s first A77 architecture processor. The SAMSUNG Exynos 990 is a mobile processor. The SAMSUNG Exynos 850 is also a mobi...

PT-2026-25507

I found an SSRF vulnerability bypass via DNS rebinding in simstudioai/sim a project with 25k+ stars on GitHub CVE-2025-69660. Full write-up: https://t.co/eU3wf4d4Rd security websecurity appsec cve bugbounty...

Systematic Security Analysis of the Iridium Satellite Radio Link

The Iridium Low Earth Orbit LEO satellite constellation remains a unique provider of global communications for critical industries, governments, and private users, serving over 2.5 million active subscribers despite recent market competition. In contrast to terrestrial wireless standards such as...

CVE-2026-0119

In usimSendMCCMNCIndMsg of usimRegistration.c, there is a possible out of bounds write due to memory corruption. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-3432 Sim Studio AI - Unauthenticated OAuth Token Theft

On SimStudio version below to 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their...

CVE-2026-3432 Sim Studio AI - Unauthenticated OAuth Token Theft

On SimStudio version below to 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their...

CVE-2026-3431 Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion

On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...

CVE-2026-3431 Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion

On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...

Sim Studio 安全漏洞

Sim Studio is an open-source AI agent workflow builder developed by Sim Studio. Versions of Sim Studio prior to 0.5.74 contained security vulnerabilities. These vulnerabilities stemmed from MongoDB tool endpoints accepting arbitrary connection parameters, which could allow unauthorized access to...

Sim Studio 安全漏洞

Sim Studio is an open-source AI agent workflow builder developed by Sim Studio. Versions of Sim Studio prior to 0.5.74 contained security vulnerabilities. These vulnerabilities stemmed from authorization checks bypassed in the/api/auth/oauth/token endpoint, which could allow unverified attackers ...

AT&amp;T breach data resurfaces with new risks for customers

When data resurfaces, it never comes back weaker. A newly shared dataset tied to AT&T shows just how much more dangerous an “old” breach can become once criminals have enough of the right details to work with. The dataset, privately circulated since February 2, 2026, is described as AT&T customer...

MiracleLinux 8 : freeradius:3.0 (AXSA:2023-5978:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5978:01 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid...

CVE-2023-31114

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application...

CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

CVE-2020-12748

An issue was discovered on Samsung mobile devices with Q10.0 software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 May 2020...

CVE-2023-50806

A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850 Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380 Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem...

CVE-2019-16257

Some Motorola devices include the SIMalliance Toolbox Browser aka S@T Browser on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit STK instructions in an SMS message, aka Simjacker...