1758 matches found
CVE-2026-22093
The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...
CVE-2026-22093
CVE-2026-22093 affects EVbee Service app (v1.4.101.00). The issue arises because the Android app performs TLS/HTTPS communication but does not validate the server certificate, enabling a man‑in‑the‑middle attacker on the network path to intercept and manipulate traffic. Additionally, the app is d...
CVE-2026-22093 Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app
The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...
EUVD-2026-42637
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...
CVE-2026-13462
PayRange Android app (version 7.0.7 and below) is affected by CVE-2026-13462 due to an SSL bypass in WebViews, allowing invalid certificates to be accepted. This enables a remote, unauthenticated attacker to intercept and exfiltrate data the user submits via the app. Attack surface is the app’s W...
EUVD-2026-39598
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...
EUVD-2026-39591
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...
CVE-2026-9221
The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...
CVE-2026-9220
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...
CVE-2026-9222
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...
CVE-2026-9222 Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...
CVE-2026-9222
The CVE-2026-9222 entry concerns the Setracker2 Android Companion App (package com.tgelec.setracker) version 3.1.5 and earlier. The underlying issue is authentication that accepts a password hash in lieu of a password when contacting backend services, enabling an attacker who knows the hash to au...
CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm
The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...
CVE-2026-9220 Setracker2 Children's Smartwatch Ecosystem Use of hard-coded cryptographic key
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...
EUVD-2026-36668
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...
CVE-2025-68713
An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...
CVE-2026-12190 Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...
CVE-2026-12190
The CVE-2026-12190 entry concerns Genspark AI Workspace App version 2.8.4 on Android, affecting the ai.mainfunc.genspark component. The issue is described as improper authorization in the handler for a custom URL scheme, with exploitation limited to a local environment. The provided documents do ...
CVE-2026-12189
The CVE-2026-12189 entry concerns Moovit Bus & Public Transit App 1.18 on Android, affecting the com.tranzmate component. The flaw is described as improper authorization in the handler for a custom URL scheme, enabling a local attacker to manipulate the app. Exploitability is local with low attac...
PT-2026-49146
Name of the Vulnerable Software and Affected Versions Moovit Bus & Public Transit App version 1.18 Description A flaw in the com.tranzmate component of the Android application allows for improper authorization within the handler for custom URL schemes. This issue requires local execution to...