
1378 matches found

CVE
added 2022/01/28 7:9 p.m. · 71 views

CVE-2021-23863

The CVE affects Bosch Video Security software (version 3.2.3 and earlier). A code injection vulnerability enables an attacker to inject arbitrary HTML into a WebView-loaded component, potentially causing the application to display attacker-controlled web resources. The root cause is HTML/code inj...

CVSS 6.1 · AI score 6.2 · EPSS 0.00562
Exploits: 0 · References: 2 · Affected Software: 1
ATTACKERKB
added 2022/01/17 10:15 a.m. · 7 views

CVE-2022-0131

Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

CVSS 3.3 · AI score 5.4 · EPSS 0.00203
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2021/12/23 10:15 p.m. · 4 views

CVE-2020-35398

An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted...

CVSS 5.3 · AI score 5.8 · EPSS 0.01117
Exploits: 1 · References: 2
NVD
added 2021/12/23 10:15 p.m. · 14 views

CVE-2020-35398

An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted...

CVSS 5.3 · EPSS 0.01117
Exploits: 1 · References: 2
Cvelist
added 2021/12/23 9:10 p.m. · 21 views

CVE-2020-35398

An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted...

AI score 5.3 · EPSS 0.01117
Exploits: 1 · References: 2
Prion
added 2021/12/08 7:15 p.m. · 7 views

Input validation

Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a user's account...

CVSS 7.5 · AI score 9.3 · EPSS 0.01588
Exploits: 1 · References: 2 · Affected Software: 1
Prion
added 2021/12/08 3:15 p.m. · 9 views

Authentication flaw

Improper export of Android application components vulnerability in Samsung Pay India only prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication...

CVSS 2.1 · AI score 4.1 · EPSS 0.00219
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2021/12/07 7:15 p.m. · 14 views

Design/Logic Flaw

Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password reset function...

CVSS 7.5 · AI score 9.1 · EPSS 0.01374
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2021/12/07 6:37 p.m. · 18 views

CVE-2021-41716

Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password reset function...

AI score 9.4 · EPSS 0.01374
Exploits: 1 · References: 2
CVE
added 2021/12/07 6:37 p.m. · 33 views

CVE-2021-41716

The CVE-2021-41716 entry applies to the Mahavitara Android Application (Maharashtra State Electricity Board) versions 8.20 and earlier. The vulnerability is an OTP fixation flaw in the password reset function that enables remote account takeover. Connected sources corroborate the issue and its im...

CVSS 9.8 · AI score 9.1 · EPSS 0.01374
Exploits: 1 · References: 2 · Affected Software: 1
NVD
added 2021/12/07 2:15 p.m. · 8 views

CVE-2020-27413

An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application...

CVSS 4.2 · EPSS 0.00318
Exploits: 0 · References: 4
NVD
added 2021/12/02 4:15 a.m. · 14 views

CVE-2020-27414

Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history...

CVSS 5.9 · EPSS 0.00998
Exploits: 1 · References: 1
Prion
added 2021/12/02 4:15 a.m. · 13 views

Information disclosure

Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history...

CVSS 4.3 · AI score 5.5 · EPSS 0.00998
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2021/12/02 12:0 a.m. · 6 views

Maharashtra State Electricity Distribution Maharashtra State Electricity Board Android Application Information Disclosure Vulnerability

Maharashtra State Electricity Distribution Maharashtra State Electricity Board Android Application is an official consumer-oriented application of Maharashtra State Electricity Distribution of India. A...

CVSS 5.9 · AI score 6 · EPSS 0.00998
Exploits: 1 · References: 2
Positive Technologies
added 2021/12/02 12:0 a.m. · 4 views

PT-2021-24119 · Unknown · Egeetouch 3Rd Generation Travel Padlock

Name of the Vulnerable Software and Affected Versions: eGeeTouch 3rd Generation Travel Padlock application for Android (affected versions not specified). Description: An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before...

CVSS 6.8 · AI score 6.5 · EPSS 0.00296
Exploits: 1 · References: 4
Japan Vulnerability Notes
added 2021/10/29 6:11 a.m. · 2 views

Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent

Overview Android App "Mercari Merpay - Marketplace and Mobile Payments App" Japan version provided by Mercari, Inc. is vulnerable to improper handling of Intent CWE-939. RyotaK reported this vulnerability to Mercari, Inc. and Mercari, Inc. reported it to JPCERT/CC to disclose the vulnerability...

CVSS 7.5 · AI score 6.6 · EPSS 0.01329
Exploits: 0 · References: 5
RedhatCVE
added 2021/09/23 5:59 p.m. · 42 views

CVE-2020-5529

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...

CVSS 8.1 · AI score 2.1 · EPSS 0.04604
Exploits: 0 · References: 3
Citrix
added 2021/06/12 12:0 a.m. · 8 views

No microphone in session via Android

Microphone is not working inside Android mobile application. 2. Audio redirected into the session 3. Citrix GPO applied for client audio redirection 4. Microphone permission is allowed inside android / iOS for Workspace app VDA version 1912.0.1000.24525 Audio/Microphone works via Windows...

AI score 6.8
Exploits: 0
0day.today
added 2021/06/03 12:0 a.m. · 36 views

BasicNote 1.1.9 - Denial of Service Exploit

Exploit Title: BasicNote 1.1.9 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=esMX Version: 1.1.9 Category: DoS Android Vulnerability BasicNote - Notas, Bloc de notas is vulnerable to a DoS...

AI score 7.4
Exploits: 0
CNVD
added 2021/05/20 12:0 a.m. · 8 views

Telegram Stack Overflow Vulnerability (CNVD-2021-38308)

Telegram is an instant messaging mobile application. A stack overflow vulnerability exists in the custom derived graysplitcubic function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can exploit this...

CVSS 7.1 · AI score 6.7 · EPSS 0.01101
Exploits: 1 · References: 1