1377 matches found
EUVD-2023-50114
Malicious code in bioql PyPI...
EUVD-2023-40565
Malicious code in bioql PyPI...
EUVD-2022-50897
Malicious code in bioql PyPI...
EUVD-2023-29143
Malicious code in bioql PyPI...
EUVD-2025-28381
Malicious code in bioql PyPI...
EUVD-2023-46377
Malicious code in bioql PyPI...
EUVD-2021-27840
Malicious code in bioql PyPI...
EUVD-2025-13684
Malicious code in bioql PyPI...
CVE-2025-59406
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected,...
CVE-2025-59405
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices contains a cleartext DataDog API key within its codebase. Because application binaries can be trivially decompil...
PT-2025-40411
Name of the Vulnerable Software and Affected Versions: Flock Safety Peripheral version 7.38.3 Description: The Flock Safety Peripheral application for Android contains a cleartext DataDog API key within its codebase. Attackers can recover the OAuth secret without special privileges by decompiling o...
CVE-2025-59403
The Flock Safety Android Collins application aka com.flocksafety.android.collins 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include b...
CVE-2025-41408
Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker to lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attac...
CVE-2025-56608
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in OkHttpClientWrapper.java. The handleDigest function employs MessageDigest.getInstance("MD5") to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions...
CVE-2025-9134
A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. T...
CVE-2025-9097
Summary: CVE-2025-9097 affects the Android app “Euro Information CIC banque et compte en ligne App” (version 12.56.0). The vulnerability is in the AndroidManifest.xml of the component com.cic_prod.bad, where an improper export of Android components is possible. This enables a local attacker to l...
PT-2025-33631 · 1&1 · Mail.Com App +1
Name of the Vulnerable Software and Affected Versions: 1&1 Mail & Media mail.com App version 8.8.0 Description: A security vulnerability has been detected due to improper export of Android application components. The issue affects an unknown function within the AndroidManifest.xml file of the...
CVE-2025-50861
The CVE-2025-50861 entry affects the Lotus Cars Android App (com.lotus.carsdomestic.intl) version 1.2.8, where the exported component PushDeepLinkActivity is accessible without authentication via ADB or malicious apps. This could allow unintended access to application internals and may lead to de...