Lucene search

836 matches found

Nuclei
added 3 days ago, 10 views

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass...

CVSS 9.8 | AI score 5.9 | EPSS 0.84032
Exploits: 3 | References: 4

NVD
added 2026/05/21 3:16 p.m., 4 views

CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

CVSS 5.7 | EPSS 0.00029
Exploits: 0 | References: 1

Cvelist
added 2026/05/21 2:8 p.m., 31 views

CVE-2026-1816 OTP Bypass in TEİAŞ's Mobile Application

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...

CVSS 6.3 | EPSS 0.00038
Exploits: 0 | References: 1

CVE
added 2026/05/21 2:8 p.m., 11 views

CVE-2026-1816

TEİAŞ’s Mobile Application is affected by CVE-2026-1816: an improper restriction of excessive authentication attempts that enables brute-force attacks. Affected versions are 1.6.2 up to 1.13 (not inclusive). The CVSS 3.1 baseline is 6.3 (MEDIUM) with network attack vector, low privileges required...

CVSS 6.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/21 1:56 p.m., 3 views

CVE-2026-1815 Session Hijacking in TEİAŞ's Mobile Application

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

CVSS 5.7 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 1

EUVD
added 2026/05/21 1:56 p.m., 4 views

EUVD-2026-31289

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

CVSS 5.7 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 1

CVE
added 2026/05/21 1:56 p.m., 10 views

CVE-2026-1815

TEİAŞ Mobile Application is affected by an Insufficient session expiration vulnerability (CVE-2026-1815) that enables session hijacking. Affected versions are 1.6.2 up to

CVSS 5.7 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 1

Cvelist
added 2026/05/21 8:22 a.m., 32 views

CVE-2026-22880 Mobile SSO authentication flow allows credential theft via malicious server

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

CVSS 6.1 | EPSS 0.00016
Exploits: 0 | References: 1

CNNVD
added 2026/05/21 12:0 a.m., 5 views

TEİAŞ Mobile Application Code Issue Vulnerability

TEİAŞ Mobile Application is a mobile application developed by the Turkish company TEİAŞ, which provides information and services related to power transmission operations. Versions of the TEİAŞ Mobile Application from 1.6.2 to 1.13 had code vulnerabilities. These vulnerabilities were caused by...

CVSS 5.7 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 1

CNNVD
added 2026/05/21 12:0 a.m., 4 views

TEİAŞ Mobile Application Security Vulnerability

TEİAŞ Mobile Application is a mobile application developed by the Turkish company TEİAŞ, which provides information and services related to power transmission operations. Versions of the TEİAŞ Mobile Application from 1.6.2 to 1.13 contained security vulnerabilities. These vulnerabilities were due...

CVSS 6.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/02 11:30 p.m., 1 views

CVE-2026-7671 CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of...

CVSS 6.3 | AI score 5 | EPSS 0.00025
Exploits: 0 | References: 4

Cvelist
added 2026/05/02 11:30 p.m., 26 views

CVE-2026-7671 CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of...

CVSS 6.3 | EPSS 0.00025
Exploits: 0 | References: 4

EUVD
added 2026/05/02 11:30 p.m., 8 views

EUVD-2026-26804

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of...

CVSS 6.3 | AI score 5 | EPSS 0.00025
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/02 12:0 a.m., 3 views

PT-2026-36641

Name of the Vulnerable Software and Affected Versions: CodeWise Tornet Scooter Mobile App version 4.75. Description: An issue exists in an unknown function within the /TwoFactor file that results in improper restriction of excessive authentication attempts. This allows a remote attacker to perform a...

CVSS 6.3 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 7

CNNVD
added 2026/05/02 12:0 a.m., 4 views

Zyosoft School App Security Vulnerability

Zyosoft School App is a mobile application designed for school management and parent-child communication by Zyosoft Technology Co., Ltd. of Taiwan, China. The Zyosoft School App has a security vulnerability, which stems from insecure direct object references. This vulnerability could allow...

CVSS 8.6 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 1

EUVD
added 2026/04/27 12:47 p.m., 2 views

EUVD-2025-209576

Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application...

CVSS 5.3 | AI score 5.1 | EPSS 0.0005
Exploits: 0 | References: 1

CVE
added 2026/04/27 12:47 p.m., 2 views

CVE-2025-15626

CVE-2025-15626 affects the Ribblr – Crochet & Knitting iOS application. The entry states that an authenticated user can bypass authorization, representing a potential access control bypass inside the iOS app. The CVSS V4.0 metrics indicate a base score of 5.3 (Medium) with network attack vector, ...

CVSS 5.3 | AI score 5.2 | EPSS 0.0005
Exploits: 0 | References: 1

vulnersOsv
added 2026/04/16 10:51 p.m., 3 views

@saltcorn/cli (>=1.0.0 <=1.4.5), @saltcorn/mobile-builder (>=1.0.0 <=1.4.5) potentially affected by CVE-2026-41478 via @saltcorn/mobile-app (>=1.0.0-beta.1 <=1.4.5)

@saltcorn/mobile-app NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.4.5 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNMOBILEAPP-16110990...

CVSS 9.9 | AI score 5.8 | EPSS 0.00037
Exploits: 0

vulnersOsv
added 2026/04/16 10:51 p.m., 2 views

@saltcorn/cli (>=1.5.0 <=1.5.5-beta.0), @saltcorn/mobile-builder (>=1.5.0 <=1.5.5-beta.0) potentially affected by CVE-2026-41478 via @saltcorn/mobile-app (>=1.5.0-beta.0 <=1.5.5)

@saltcorn/mobile-app NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNMOBILEAPP-16110990...

CVSS 9.9 | AI score 5.8 | EPSS 0.00037
Exploits: 0

Snyk
added 2026/04/16 10:51 p.m., 3 views

SQL Injection

Overview: @saltcorn/mobile-app is a Saltcorn mobile app for Android and iOS. Affected versions of this package are vulnerable to SQL Injection via the getSyncRows and getDelRows functions. An attacker can execute arbitrary SQL commands, exfiltrate sensitive data, modify or delete database contents,...

CVSS 9.9 | AI score 6.1 | EPSS 0.00037
Exploits: 0 | References: 2