PULSE
EN VIVO15señales / 24h
FEED
ransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcare
← Todos los CVEs
CVE Watch5 jul 2026

CVE-2025-57197

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change featu

CVSS

6.0

Medio

EPSS

0.2%

p5

KEV

Exploit Today

2

0-100

Publicado: 29 sept 2025 · Última mod.: 5 jul 2026 · CWE-284

EPSS · 30d
0.2%EPSS · 30 días0.2%
2026-06-302026-07-17
Descripción técnica

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change PIN without knowing the original/current PIN.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-503517.8 ALT
84.8%
25Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.1d
CVE-2026-504237.8 ALT
82.8%
25Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.2d
CVE-2026-498057.0 ALT
81.6%
24Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.1d
CVE-2023-285319.8 CRÍ
81.1%
24ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.3d
CVE-2026-393647.5 ALT
79.6%
24Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny (e.g., .env, *.crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are appended. This vulnerability is fixed in 7.3.2 and 8.0.5.3d
CVE-2026-212628.8 ALT
79.0%
24Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.7d