137 matches found

Microsoft Secure
added 2026/04/09 1:21 p.m. | 7 views

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

In this article 1. Technical details 2. Disclosure timeline 3. Mitigation and protection guidance 4. References 5. Learn more During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK. This flaw allows apps ...

AI score: 5.8
Exploits: 0
Microsoft Secure
added 2026/04/09 1:21 p.m. | 3 views

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

In this article 1. Technical details 2. Disclosure timeline 3. Mitigation and protection guidance 4. References 5. Learn more During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK. This flaw allows apps ...

AI score: 5.8
Exploits: 0
NVD
added 2026/03/16 2:20 p.m. | 1 views

CVE-2026-4218

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTHKEY results in information disclosure. The attack is only possible...

CVSS: 2.5 | EPSS: 0.00005
Exploits: 0 | References: 4
CVE
added 2026/03/16 5:32 a.m. | 6 views

CVE-2026-4218

CVE-2026-4218 affects the Android-based myAEDES App up to version 1.18.4. The vulnerability concerns an unknown function in the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. By manipulating the argument AUTH_KEY, an information disclosure can occur. The attack req...

CVSS: 2.5 | AI score: 5 | EPSS: 0.00005
Exploits: 0 | References: 4
RedhatCVE
added 2026/02/28 1:55 a.m. | 1 views

CVE-2026-27449

Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00071
Exploits: 0 | References: 1
OSV
added 2026/02/27 6:35 p.m. | 2 views

GHSA-86VQ-CCWF-RM62 Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints

Description A vulnerability has been identified in Umbraco Engage where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the network without requiring a valid session or user credentials. By supplying ...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00071
Exploits: 0 | References: 3
Github Security Blog
added 2026/02/27 6:35 p.m. | 3 views

Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints

Description A vulnerability has been identified in Umbraco Engage where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the network without requiring a valid session or user credentials. By supplying ...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00071
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/02/27 6:35 p.m. | 3 views

EUVD-2026-8896

Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00071
Exploits: 0 | References: 2
Snyk
added 2026/02/27 12:16 a.m. | 1 views

Improper Following of a Certificate's Chain of Trust

Overview Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust in the exposed API endpoints that do not enforce authentication or authorization checks. An attacker can access and retrieve sensitive data associated with arbitrary records by direct...

CVSS: 8.7 | AI score: 6 | EPSS: 0.00071
Exploits: 0 | References: 3
NVD
added 2026/02/26 10:20 p.m. | 2 views

CVE-2026-27449

Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...

CVSS: 7.5 | EPSS: 0.00071
Exploits: 0 | References: 1
Cvelist
added 2026/02/26 9:51 p.m. | 15 views

CVE-2026-27449 Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints

Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...

CVSS: 7.5 | EPSS: 0.00071
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/26 9:51 p.m. | 2 views

CVE-2026-27449 Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints

Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00071
Exploits: 0 | References: 1
CVE
added 2026/02/26 9:51 p.m. | 7 views

CVE-2026-27449

Umbraco Engage (before versions 16.2.1 and 17.1.1) exposes certain API endpoints that do not enforce authentication or authorization. An unauthenticated user can query these endpoints directly (for example via an id parameter like ?id=) to enumerate and retrieve sensitive Engage data associated w...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00071
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/26 9:51 p.m. | 1 views

CVE-2026-27449

Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00071
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/02/26 12:0 a.m. | 5 views

Umbraco Engage Security Vulnerability

Umbraco Engage is an extension to the digital experience platform developed by the Danish company Umbraco. Versions of Umbraco Engage prior to 16.2.1 and 17.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication or authorization checks for certain AP...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00071
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/26 12:0 a.m. | 3 views

PT-2026-22200

Name of the Vulnerable Software and Affected Versions Umbraco Engage versions prior to 16.2.1 Umbraco Engage versions prior to 17.1.1 Description Umbraco Engage is a business intelligence platform. A security issue exists in Umbraco Engage where certain API endpoints lack proper authentication or...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00071
Exploits: 0 | References: 9
NVD
added 2026/02/05 7:15 p.m. | 3 views

CVE-2025-15324

Tanium addressed a documentation issue in Engage...

CVSS: 6.6 | EPSS: 0.00007
Exploits: 0 | References: 1
OSV
added 2026/02/05 7:15 p.m. | 0 views

CVE-2025-15324

Tanium addressed a documentation issue in Engage...

CVSS: 6.6 | AI score: 5.8 | EPSS: 0.00007
Exploits: 0 | References: 1
EUVD
added 2026/02/05 6:25 p.m. | 2 views

EUVD-2025-206831

Tanium addressed a documentation issue in Engage...

CVSS: 6.6 | AI score: 5.3 | EPSS: 0.00007
Exploits: 0 | References: 1
CVE
added 2026/02/05 6:25 p.m. | 11 views

CVE-2025-15324

Technical details about CVE-2025-15324 are not provided in the supplied documents. The records indicate a documentation issue with Tanium Engage and do not specify affected versions, root cause, exploitability, or remediation.

CVSS: 6.6 | AI score: 5.3 | EPSS: 0.00007
Exploits: 0 | References: 1 | Affected Software: 1