EUVD-2025-37025

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

EUVD-2025-37015

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

EUVD-2025-37021

AdForest - Classified Android App version 4.0.12 package name scriptsbundle.adforest, developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...

EUVD-2025-37162

Malicious code in epic-diesel-androidlauncher npm...

CVE-2025-61119

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

CVE-2025-61121

Mobile Scanner Android App version 2.12.38 package name com.glority.everlens, developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitiv...

Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services...

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

CVE-2025-61117

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

Exploit for CVE-2025-54957

Dolby Unified Decoder CVE-2025-54957 POC When a file is p...

CVE-2025-61114

The CVE-2025-61114 entry concerns AutoBizLine’s 2nd Line Android App (v1.2.92 and earlier; package com.mysecondline.app). A single-token-character validation flaw in the authentication server enables token-guessing/brute-forcing and unauthorized access to other users’ data, constituting an improp...

CVE-2025-61119

CVE-2025-61119 affects Kanova Android App v1.0.27 (package com.karelane) by Karely L.L.C. The issue is improper access control that allows attackers to manipulate API request parameters to access user details and group information (including entry codes). Documented impact includes privacy breach...

CVE-2025-61113

TalkTalk Android app v3.3.6 has improper access control across multiple API endpoints. The issue allows parameter tampering to extract sensitive user data (device identifiers, birthdays) and private group information (including join credentials). Impact is privacy breach and unauthorized access t...

CVE-2025-61114

2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...

IOFIT AG Life Logger Android App 安全漏洞

IOFIT AG Life Logger Android App is a sports app from IOFIT Japan. A security vulnerability exists in IOFIT AG Life Logger Android App v1.0.2.72 and earlier versions, which stems from improper access control and a predictable CAPTCHA, and could lead to account disclosure and misuse of cloud...

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

Google Chrome on Android Omnibox Improperly Implemented Vulnerability

Google Chrome on Android is a mobile browser from Google, optimized for Android devices, offering fast browsing, smart search, privacy protection and cross-device syncing. Google Chrome on Android suffers from an Omnibox mal-implementation vulnerability that can be exploited by attackers to cause...

AutoBizLine 2nd Line Android App 安全漏洞

AutoBizLine 2nd Line Android App is a mobile messaging application from AutoBizLine, Inc. A security vulnerability exists in AutoBizLine 2nd Line Android App v1.2.92 and earlier versions, which stems from improper access control in the authentication mechanism, where the server only validates the...

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...