CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

Uber: SMS URL verification link does not expire on phone number change and lacks rate limiting

When verifying your phone number attached to your Uber account, it was possible to re-use an old verification URL to validate a new cell phone number. In addition to this, there was no rate limiting on the SMS verification which allowed for it to be easily brute-forced. The internal team resolved...

CVE-2016-1763

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread...

Information disclosure

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread...

CVE-2016-1763

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread...

Apple iOS Messages Information Disclosure Vulnerability (CNVD-2016-01875)

Apple iOS is an operating system for mobile devices developed by Apple Inc. Messages is a component of the application used to send text, photos and videos. A security vulnerability exists in Messages in Apple iOS versions prior to 9.3, which stems from the program failing to determine that an...