Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

17 matches found

CNVD
CNVDadded 2018/09/25 12:0 a.m.1 views

PhonePe Information Disclosure Vulnerability

PhonePe wallet a.k.a. com.PhonePe.app application for Android is an Android-based cashless payment application by Phonepe Private India. A security vulnerability exists in versions 3.0.6 through 3.3.26 of the PhonePe Wallet application for Android-based platforms. The vulnerability can be exploit...

5.3CVSS5.5AI score0.01063EPSS
Exploits0References1
OSV
OSVadded 2018/09/23 10:29 p.m.3 views

CVE-2018-17403

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibili...

8.8CVSS5.8AI score0.01299EPSS
Exploits0References1
OSV
OSVadded 2018/09/23 10:29 p.m.2 views

CVE-2018-17402

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...

5.3CVSS5.8AI score0.01063EPSS
Exploits0References1
Prion
Prionadded 2018/09/23 10:29 p.m.18 views

Code injection

DISPUTED The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user h...

1.2CVSS6.8AI score0.00312EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2018/09/23 10:29 p.m.14 views

Code injection

DISPUTED The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...

4.3CVSS8.4AI score0.01299EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2018/09/23 10:29 p.m.16 views

CVE-2018-17403

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibili...

8.8CVSS8.6AI score0.01299EPSS
Exploits0References1
NVD
NVDadded 2018/09/23 10:29 p.m.17 views

CVE-2018-17400

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to...

7CVSS6.9AI score0.00312EPSS
Exploits0References1
NVD
NVDadded 2018/09/23 10:29 p.m.18 views

CVE-2018-17401

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...

8.8CVSS8.6AI score0.01231EPSS
Exploits0References1
NVD
NVDadded 2018/09/23 10:29 p.m.15 views

CVE-2018-17402

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...

5.3CVSS5.3AI score0.01063EPSS
Exploits0References1
Cvelist
Cvelistadded 2018/09/23 10:0 p.m.17 views

CVE-2018-17400

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to...

6.9AI score0.00312EPSS
Exploits0References1
Cvelist
Cvelistadded 2018/09/23 10:0 p.m.12 views

CVE-2018-17402

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...

5.3AI score0.01063EPSS
Exploits0References1
Cvelist
Cvelistadded 2018/09/23 10:0 p.m.18 views

CVE-2018-17403

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibili...

8.6AI score0.01299EPSS
Exploits0References1
Cvelist
Cvelistadded 2018/09/23 10:0 p.m.19 views

CVE-2018-17401

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...

8.6AI score0.01231EPSS
Exploits0References1
CVE
CVEadded 2018/09/23 10:0 p.m.43 views

CVE-2018-17402

CVE-2018-17402 (PhonePe wallet) affects Android versions 3.0.6–3.3.26 of com.PhonePe.app. The issue is an information disclosure risk where an attacker could uncover credit/debit card number, expiry date, and CVV. The exploitation condition described across sources requires the user to install a ...

5.3CVSS5.2AI score0.01063EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2018/09/23 12:0 a.m.3 views

PT-2018-14016 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue might allow attackers to impersonate a user and set up their account without their knowledge. To exploit this, the user has to explicitly install a...

8.8CVSS6.9AI score0.01299EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2018/09/23 12:0 a.m.3 views

PT-2018-14014 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue allows attackers to perform Account Takeover attacks by exploiting the Forgot Password feature. To exploit this, the user has to explicitly install a...

8.8CVSS7.2AI score0.01231EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2018/09/23 12:0 a.m.4 views

PT-2018-14015 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue might allow attackers to discover sensitive information, including Credit/Debit card numbers, expiration dates, and CVV numbers. To exploit this, a user...

5.3CVSS5.6AI score0.01063EPSS
Exploits0References3
Rows per page
Query Builder