Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ...
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-...
 enables a connection to skip the standard device login prompt entirely and directly enter an interactive s...
The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application instal...
CVE-2024-1698 – NotificationX WordPress Plugin SQL Injection Time‑Based Blind Unauthenticated Time‑Based Blind SQL Injection → Extract admin userna...
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, whi...
nginx-rift-scanner Dependency-free Python 3 scanner for CVE-2026-42945 "NGINX Rift" — a CVSS v4.0 9.2 CRITICAL heap-based buffer overflow CWE-122 i...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.
