EUVD-2025-24940

Malicious code in bioql PyPI...

EUVD-2023-25036

Malicious code in bioql PyPI...

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

CVE-2025-50862

CVE-2025-50862 affects the Lotus Cars Android app (com.lotus.carsdomestic.intl) v1.2.8. The underlying issue is allowBackup=true in the app manifest, which enables data exfiltration via ADB backup on rooted or debug-enabled devices. Impact per sources indicates potential user data exposure due to...

PT-2025-33410 · Lotus Cars · Lotus Cars Android App

Name of the Vulnerable Software and Affected Versions: Lotus Cars Android app com.lotus.carsdomestic.intl version 1.2.8 Description: The Lotus Cars Android app allows data exfiltration via ADB backup on rooted or debug-enabled devices due to the allowBackup=true flag being set in its manifest. Th...

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

CVE-2024-30111

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breache...

CVE-2023-20857

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode...

JSA10553 - 2013-03: Security Bulletin: Pulse Secure Mobile: Android client privilege escalation

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security issue has been found in the Pulse Secure Mobile for Android. This issue could only be carried out on an Android phone that was "rooted". An issue in the Pulse Secure Mobile f...

CVE-2021-22336

There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device...

Android su Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android 'su' Privilege Escalation", 'Description' = %q This module uses the su binary present on rooted devices to run a payload as root. A roote...

CVE-2018-15542

An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: th...

CVE-2018-13446

An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...

A study of car sharing apps

The growing popularity of car sharing services has led some experts to predict an end to private car ownership in big cities. The statistics appear to back up this claim: for example, in 2017 Moscow saw the car sharing fleet, the number of active users and the number of trips they made almost...

CVE-2018-12446

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...

PT-2018-11179 · Dropbox · Com.Dropbox.Android

Name of the Vulnerable Software and Affected Versions: com.dropbox.android version 98.2.2 Description: An issue in the Passcode feature allows authentication bypass via runtime manipulation, forcing a certain method's return value to true, enabling an attacker to authenticate with an arbitrary...

Coinbase: Information disclosure in coinbase android app

Per our policy, issues which require rooted victim devices are in-scope...

MercadoPago Android App Information Disclosure

Advisory ID Internal CORE-2014-0011 1. Advisory Information Title: MercadoPago Android App Information Disclosure Advisory ID: CORE-2014-0011 Date published: 2014-12-19 Date of last update: 2014-12-17 Vendors contacted: Mercadolibre Release mode: Coordinated release 2. Vulnerability Information...