1749 matches found

RedhatCVE
added 2025/11/27 1:54 p.m., 5 views

CVE-2025-63432

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...

CVSS 4.6 | AI score 7.1 | EPSS 0.0015
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/27 1:54 p.m., 4 views

CVE-2025-63435

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...

CVSS 4.3 | AI score 7.1 | EPSS 0.00328
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/27 1:54 p.m., 5 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

CVSS 4.6 | AI score 6.7 | EPSS 0.00164
Exploits: 1 | References: 1

CVE
added 2025/11/24 12:00 a.m., 13 views

CVE-2025-63432

CVE-2025-63432 affects Xtooltech Xtool AnyScan Android Application 4.40.40 and earlier. Root cause is Missing SSL Certificate Validation for the update server, enabling a local network attacker to perform a MITM, intercept/decrypt/modify traffic, and potentially enable remote code execution. The ...

CVSS 4.6 | AI score 6.8 | EPSS 0.0015
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2025/11/24 12:00 a.m., 9 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

EPSS 0.00164
Exploits: 1 | References: 2

Vulnrichment
added 2025/11/24 12:00 a.m., 5 views

CVE-2025-63432

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...

AI score 6.8 | EPSS 0.0015
Exploits: 1 | References: 2

CNNVD
added 2025/11/24 12:00 a.m., 2 views

Xtool AnyScan App Security Vulnerability

Xtool AnyScan App is an automotive diagnostic mobile application from China-based Xtool. A security vulnerability exists in Xtooltech Xtool AnyScan Android Application version 4.40.40 and earlier, which stems from a lack of SSL certificate validation and could lead to a man-in-the-middle attack...

CVSS 4.6 | AI score 6.6 | EPSS 0.0015
Exploits: 1 | References: 3

Positive Technologies
added 2025/11/24 12:00 a.m., 4 views

PT-2025-47946

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...

AI score 7.1 | EPSS 0.0015
Exploits: 1 | References: 3

Vulnrichment
added 2025/11/24 12:00 a.m., 1 view

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

AI score 7.4 | EPSS 0.00269
Exploits: 1 | References: 2

Cvelist
added 2025/11/24 12:00 a.m., 15 views

CVE-2025-63432

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...

EPSS 0.0015
Exploits: 1 | References: 2

RedhatCVE
added 2025/11/13 1:00 a.m., 16 views

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

CVSS 9.1 | AI score 7.2 | EPSS 0.00168
Exploits: 0 | References: 1

EUVD
added 2025/11/12 6:31 p.m., 7 views

EUVD-2025-131909

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

AI score 6.7 | EPSS 0.00168
Exploits: 0 | References: 3

NVD
added 2025/11/12 4:15 p.m., 5 views

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

CVSS 9.1 | EPSS 0.00168
Exploits: 0 | References: 2

OSV
added 2025/11/12 4:15 p.m., 8 views

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

CVSS 9.1 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/12 12:00 a.m., 3 views

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

AI score 6.8 | EPSS 0.00168
Exploits: 0 | References: 2

CNNVD
added 2025/11/12 12:00 a.m., 3 views

Sogexia Android App Security Vulnerability

Sogexia Android App is a payment account management mobile application from Sogexia Luxembourg. A security vulnerability exists in Sogexia Android App that originates from the inclusion of hard-coded encryption keys in the encryptionhelper.dart file...

CVSS 9.1 | AI score 6.7 | EPSS 0.00168
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/31 12:13 a.m., 4 views

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

CVSS 7.5 | AI score 6.5 | EPSS 0.00348
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/31 12:13 a.m., 3 views

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

CVSS 7.5 | AI score 6.7 | EPSS 0.0027
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/31 12:13 a.m., 3 views

CVE-2025-61121

Mobile Scanner Android App version 2.12.38 package name com.glority.everlens, developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitiv...

CVSS 7.5 | AI score 6.2 | EPSS 0.00274
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/31 12:13 a.m., 3 views

CVE-2025-61116

AdForest - Classified Android App version 4.0.12 package name scriptsbundle.adforest, developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...

CVSS 7.5 | AI score 7 | EPSS 0.00327
Exploits: 0 | References: 1