19525 matches found
CVE-2026-5228
Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026...
CVE-2026-5228 Improper Access Control in Kurt Software Studio's WriteUp Mobile App
Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026...
EUVD-2026-34283
Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026...
CVE-2026-50209
CVE-2026-50209 describes a vulnerability where broadcast events allow malicious software to rewrite the device’s default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. The issue is tied to the MDM registration/endpoint resolution flow a...
CVE-2026-50209
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
CVE-2026-50209 MDM Server Registration Overriding
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
CVE-2026-50209 MDM Server Registration Overriding
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
EUVD-2026-34221
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
CVE-2026-49185 Instruction Injection via FieldX MDM
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...
CVE-2026-49185
The CVE-2026-49185 entry concerns FieldX MDM where the adb messaging topic passes unverified payloads directly into Runtime.exec(), enabling command/instruction injection. Affected component: adb messaging topic within FieldX MDM; root cause is unverified payloads executed via Runtime.exec(). Imp...
CVE-2026-49185
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...
PT-2026-46161
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
PT-2026-46140
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...
CVE-2026-42840
An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...
CVE-2026-42840 ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals
An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...
CVE-2025-48652
In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Ozette Plugins - Cross-Site Request Forgery
An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...
WP Mobile Detector <= 3.5 - Unrestricted File Upload
WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...
Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass
Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. id: CVE-2023-35078 info...
PT-2026-46044
Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user can persist arbitrary HTML or JavaScript within the email id or mobile no fields of a Customer record. This leads to unescaped rendering in the Point of Sale POS interface for any...