CVE-2025-23405 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Improper Output Neutralization For Logs

Unauthenticated log effects metrics gathering incident response efforts and potentially exposes risk of injection attacks ex log injection...

CVE-2025-20060 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Private Personal Information to an Unauthorized Actor

An attacker could expose cross-user personal identifiable information PII and personal health information transmitted to the Android device via the Dario Health application database...

CVE-2025-20060 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Private Personal Information to an Unauthorized Actor

An attacker could expose cross-user personal identifiable information PII and personal health information transmitted to the Android device via the Dario Health application database...

CVE-2024-50684

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data insufficient entropy. This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud...

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...

CVE-2024-9285 Tu Yafeng Via Browser Javascript Bridge cross site scripting

A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Android. It has been rated as problematic. This issue affects some unknown processing of the component Javascript Bridge. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on February 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-058-01 Schneider Electric Communication Modules for Modicon M580 and Quantum...

CVE-2024-50684

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data insufficient entropy. This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud...

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...

CVE-2024-50688

SunGrow iSolarCloud Android app (v2.1.6.20241017 and earlier) uses hardcoded MQTT credentials for device telemetry, with the same credentials in the app and cloud. The vulnerability is described as enabling attackers to gain unauthorized access to user accounts and potentially execute arbitrary c...

CVE-2025-1629

A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vend...

CVE-2025-1629 Excitel Broadband Private my Excitel App One-Time Password excessive authentication

A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vend...

CVE-2025-26700

Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where the application is installed to bypass the lock screen and obtain sensitive information...

CVE-2024-31974

The com.solarized.firedown aka Solarized FireDown Browser & Downloader application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...

CVE-2024-44336

An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage...

CVE-2024-44336

An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage...

CVE-2025-20906

Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB...

CVE-2022-34909

An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database...

CVE-2025-20906

Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB...

CVE-2025-20906

Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB...