Lucene search
K

1758 matches found

NVD
NVD
added 13 hours ago4 views

CVE-2026-22093

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS
Exploits0References1
CVE
CVE
added 14 hours ago7 views

CVE-2026-22093

CVE-2026-22093 affects EVbee Service app (v1.4.101.00). The issue arises because the Android app performs TLS/HTTPS communication but does not validate the server certificate, enabling a man‑in‑the‑middle attacker on the network path to intercept and manipulate traffic. Additionally, the app is d...

9.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 14 hours ago6 views

CVE-2026-22093 Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42637

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

7.5CVSS6AI score0.00229EPSS
Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2026-13462

PayRange Android app (version 7.0.7 and below) is affected by CVE-2026-13462 due to an SSL bypass in WebViews, allowing invalid certificates to be accepted. This enables a remote, unauthenticated attacker to intercept and exfiltrate data the user submits via the app. Attack surface is the app’s W...

7.5CVSS6AI score0.00229EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39598

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39591

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

8.3CVSS5.9AI score0.00203EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 a.m.9 views

CVE-2026-9221

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 12:16 a.m.9 views

CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:29 p.m.8 views

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 11:29 p.m.39 views

CVE-2026-9222 Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 11:29 p.m.19 views

CVE-2026-9222

The CVE-2026-9222 entry concerns the Setracker2 Android Companion App (package com.tgelec.setracker) version 3.1.5 and earlier. The underlying issue is authentication that accepts a password hash in lieu of a password when contacting backend services, enabling an attacker who knows the hash to au...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 11:27 p.m.42 views

CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 11:13 p.m.38 views

CVE-2026-9220 Setracker2 Children's Smartwatch Ecosystem Use of hard-coded cryptographic key

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:31 a.m.14 views

EUVD-2026-36668

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.37 views

CVE-2025-68713

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/14 10:45 p.m.35 views

CVE-2026-12190 Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS0.00105EPSS
Exploits0References5
CVE
CVE
added 2026/06/14 10:45 p.m.28 views

CVE-2026-12190

The CVE-2026-12190 entry concerns Genspark AI Workspace App version 2.8.4 on Android, affecting the ai.mainfunc.genspark component. The issue is described as improper authorization in the handler for a custom URL scheme, with exploitation limited to a local environment. The provided documents do ...

5.3CVSS5.5AI score0.00105EPSS
Exploits0References5
CVE
CVE
added 2026/06/14 10:30 p.m.24 views

CVE-2026-12189

The CVE-2026-12189 entry concerns Moovit Bus & Public Transit App 1.18 on Android, affecting the com.tranzmate component. The flaw is described as improper authorization in the handler for a custom URL scheme, enabling a local attacker to manipulate the app. Exploitability is local with low attac...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.16 views

PT-2026-49146

Name of the Vulnerable Software and Affected Versions Moovit Bus & Public Transit App version 1.18 Description A flaw in the com.tranzmate component of the Android application allows for improper authorization within the handler for custom URL schemes. This issue requires local execution to...

5.3CVSS5.8AI score0.00105EPSS
Exploits0References7
Rows per page
Query Builder