1749 matches found
CVE-2025-63432
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
CVE-2025-63435
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...
CVE-2025-63433
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...
CVE-2025-63432
CVE-2025-63432 affects Xtooltech Xtool AnyScan Android Application 4.40.40 and earlier. Root cause is Missing SSL Certificate Validation for the update server, enabling a local network attacker to perform a MITM, intercept/decrypt/modify traffic, and potentially enable remote code execution. The ...
CVE-2025-63433
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...
CVE-2025-63432
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
Xtool AnyScan App 安全漏洞
Xtool AnyScan App is an automotive diagnostic mobile application from China-based Xtool. A security vulnerability exists in Xtooltech Xtool AnyScan Android Application version 4.40.40 and earlier, which stems from a lack of SSL certificate validation and could lead to a man-in-the-middle attack...
PT-2025-47946
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
CVE-2025-63434
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...
CVE-2025-63432
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
CVE-2025-63289
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...
EUVD-2025-131909
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...
CVE-2025-63289
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...
CVE-2025-63289
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...
CVE-2025-63289
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...
Sogexia Android App 安全漏洞
Sogexia Android App is a payment account management mobile application from Sogexia Luxembourg. A security vulnerability exists in Sogexia Android App that originates from the inclusion of hard-coded encryption keys in the encryptionhelper.dart file...
CVE-2025-61115
ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...
CVE-2025-61113
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...
CVE-2025-61121
Mobile Scanner Android App version 2.12.38 package name com.glority.everlens, developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitiv...
CVE-2025-61116
AdForest - Classified Android App version 4.0.12 package name scriptsbundle.adforest, developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...