
30 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-6005

Malware in sbrugna...

CVSS 7.5, AI score 6.8, EPSS 0.00487
Exploits: 2, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-6010

Malware in sbrugna...

CVSS 7.5, AI score 6.8, EPSS 0.00487
Exploits: 2, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-14962

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00224
Exploits: 0, References: 4

Securelist
added 2024/11/06 10:0 a.m., 17 views

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Introduction: In August 2024, our team identified a new crimeware bundle, which we named "SteelFox". Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forum posts, torrent trackers and blogs, imitating popular...

CVSS 7.8, AI score 7.7, EPSS 0.00388
Exploits: 2

NVD
added 2024/10/08 7:15 a.m., 15 views

CVE-2024-7206

SSL Pinning Bypass in eWeLink: some hardware products allow a local attacker to decrypt TLS communication and extract secrets to clone the device via flashing the modified firmware...

CVSS 7, EPSS 0.00027
Exploits: 0, References: 1

The Hacker News
added 2020/06/08 10:7 a.m., 67 views

Any Indian DigiLocker Account Could've Been Accessed Without Password

The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially let a remote attacker bypass mobile one-time passwords (OTP) and sign in as other users. Discovered separately by two independent bug bounty researchers,...

AI score 7.5
Exploits: 0

The Hacker News
added 2018/11/08 6:47 p.m., 562 views

Here's How Hackers Could Have Spied On Your DJI Drone Account

Cybersecurity researchers at Check Point today revealed details of a potentially dangerous vulnerability in the DJI Drone web app that could have allowed attackers to access user accounts and synced sensitive information within them, including flight records, location, live video camera feed, and photos tak...

AI score 6.1
Exploits: 0

ThreatPost
added 2018/10/30 9:10 p.m., 516 views

Square, PayPal POS Hardware Open to Multiple Attack Vectors

Mobile point-of-sale (POS) terminals have revolutionized the retail space in many ways, with devices such as Square offering locations like mall kiosks, small coffee shops and roadside stands a handy and cost-effective way to accept credit cards. Unfortunately, more than half of leading mobile POS...

AI score 0.1
Exploits: 0, References: 3

Exploit DB
added 2018/02/19 12:0 a.m., 130 views

Mobile Application Hacking Diary Ep.2

Mobile Application Hacking Diary Ep.2, 18 February 2018, By CWH Underground...

AI score 7.1
Exploits: 0

The Hacker News
added 2017/12/07 6:1 a.m., 30 views

Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL

A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left banking credentials of millions of users vulnerable to hackers. The vulnerability was discovered by researchers of the Security and Privacy Group at the University of...

AI score 6.6
Exploits: 0

n0where
added 2017/08/07 7:54 p.m., 29 views

Runtime Mobile Exploration: objection

objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. The project's name quite literally explains the approach as well, whereby...

Exploits: 0, References: 2

Hacker One
added 2017/05/28 3:10 p.m., 14 views

Starbucks: Full Api Access and Run All Functions via Starbucks App

The tested application is the Starbucks Turkey Android app. https://play.google.com/store/apps/details?id=com.starbucks.tr&hl=en All these things were done without any login. I did not log in to the app. 1. I tried to intercept traffic between the Starbucks app and the server with Burp Suite. I could not be...

AI score 0.4
Exploits: 0

NVD
added 2017/04/10 3:59 a.m., 12 views

CVE-2016-5052

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning...

CVSS 7.5, AI score 7.6, EPSS 0.00451
Exploits: 1, References: 1

Prion
added 2017/04/10 3:59 a.m., 8 views

Buffer overflow

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning...

CVSS 5, AI score 7.1, EPSS 0.00487
Exploits: 2, References: 1

CVE
added 2017/04/10 3:0 a.m., 39 views

CVE-2016-5052

OSRAM SYLVANIA Osram Lightify Home is affected by CVE-2016-5052. The issue stems from the product’s failure to use SSL pinning in versions up to 2016-07-26, allowing a potential attacker to perform a man-in-the-middle (MITM) attack and intercept SSL/TLS traffic. The CNVD entry confirms the vulner...

CVSS 7.5, AI score 7.5, EPSS 0.00451
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2017/04/10 3:0 a.m., 19 views

CVE-2016-5052

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning...

AI score 7.6, EPSS 0.00451
Exploits: 1, References: 1

Cvelist
added 2017/04/10 3:0 a.m., 16 views

CVE-2016-5057

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning...

AI score 7.6, EPSS 0.0031
Exploits: 1, References: 1

Prion
added 2017/04/06 2:59 p.m., 9 views

Design/Logic Flaw

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late); pinning should occur in the initStreamsWithData function...

CVSS 5, AI score 7.6, EPSS 0.00224
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2017/04/06 2:59 p.m., 12 views

Design/Logic Flaw

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false)...

CVSS 5, AI score 7.5, EPSS 0.00224
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2017/04/06 2:59 p.m., 14 views

CVE-2017-5887

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late); pinning should occur in the initStreamsWithData function...

CVSS 7.5, AI score 7.6, EPSS 0.00224
Exploits: 0, References: 3