CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1376 matches found

OSV•added 2025/11/24 5:16 p.m.•4 views

CVE-2025-63432

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...

4.6CVSS5.8AI score0.00037EPSS

Exploits1References2

Positive Technologies•added 2025/11/24 12:0 a.m.•2 views

PT-2025-47947

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

6.8AI score0.00028EPSS

Exploits1References3

EUVD•added 2025/11/24 12:0 a.m.•1 views

EUVD-2025-198965

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

8.8CVSS7.3AI score0.00049EPSS

Exploits1References3

CVE•added 2025/11/24 12:0 a.m.•11 views

CVE-2025-63434

CVE-2025-63434 affects Xtooltech Xtool AnyScan Android Application (versions up to 4.40.40). The update mechanism downloads and extracts update packages containing executable code without cryptographic integrity or authenticity checks. If an attacker can control update metadata, they can serve a ...

8.8CVSS7.4AI score0.00049EPSS

Exploits1References2Affected Software1

Cvelist•added 2025/11/24 12:0 a.m.•6 views

CVE-2025-63435

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...

0.00063EPSS

Exploits1References2

RedhatCVE•added 2025/10/31 12:13 a.m.•4 views

CVE-2025-61114

2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...

7.5CVSS6.9AI score0.00045EPSS

Exploits0References1

EUVD•added 2025/10/30 6:31 p.m.•3 views

EUVD-2025-37025

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

7.5CVSS6.5AI score0.00046EPSS

Exploits0References2

EUVD•added 2025/10/30 6:31 p.m.•2 views

EUVD-2025-37021

AdForest - Classified Android App version 4.0.12 package name scriptsbundle.adforest, developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...

7.5CVSS6.5AI score0.00045EPSS

Exploits0References2

EUVD•added 2025/10/30 6:31 p.m.•3 views

EUVD-2025-37015

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

7.5CVSS6.2AI score0.00045EPSS

Exploits0References2

NVD•added 2025/10/30 5:15 p.m.•2 views

CVE-2025-61119

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

7.5CVSS0.00055EPSS

Exploits0References1

NVD•added 2025/10/30 4:15 p.m.•2 views

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

7.5CVSS0.0005EPSS

Exploits0References1

Vulnrichment•added 2025/10/30 12:0 a.m.•1 views

CVE-2025-61115

6.1AI score0.0005EPSS

Exploits0References1

CVE•added 2025/10/30 12:0 a.m.•13 views

CVE-2025-61116

CVE-2025-61116 affects AdForest – Classified Android App, v4.0.12 (package: scriptsbundle.adforest). The vulnerability arises from improper access control in authentication where a Base64-encoded email address is used as the authorization credential, allowing attackers to manipulate credentials a...

7.5CVSS6.7AI score0.00045EPSS

Exploits0References1

Vulnrichment•added 2025/10/30 12:0 a.m.•3 views

CVE-2025-61117

6.4AI score0.00045EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-5693

Malware in sbrugna...

5.4CVSS6.4AI score0.00134EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views