CVE-2025-61114
2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...
MOLE TalkTalk Android App Security Vulnerability
MOLE TalkTalk Android App is a chat application from China-based MOLE. A security vulnerability exists in MOLE TalkTalk Android App version 3.3.6. The vulnerability stems from improper access control of multiple API endpoints, and an attacker may be able to obtain sensitive user information and...
CVE-2025-61113
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...
Glority Limited Mobile Scanner Android App Security Vulnerability
Glority Limited Mobile Scanner Android App is a mobile scanning application from Glority. A security vulnerability exists in Glority Limited Mobile Scanner Android App version 2.12.38, which stems from improper handling of cloud service credentials and could lead to disclosure of sensitive...
CVE-2025-61116
AdForest - Classified Android App version 4.0.12 package name scriptsbundle.adforest, developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...
CVE-2025-61115
CVE-2025-61115 affects ABC Fine Wine & Spirits Android App versions v.11.27.5 and earlier (package com.cta.abcfinewineandspirits). The root cause is improper access control in the login mechanism: the app does not properly validate user passwords during authentication, allowing bypass of login ch...
CVE-2025-61121
Mobile Scanner Android App version 2.12.38 package name com.glority.everlens, developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitiv...
AdForest – Classified Android App Security Vulnerability
AdForest - Classified Android App is a classified information system application by the individual developer Muhammad Jawad Arshad. A security vulnerability exists in AdForest - Classified Android App version 4.0.12, which stems from improper access control in the authentication mechanism, which...
CVE-2025-61119
Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...
CVE-2025-61117
Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...
ABC Fine Wine & Spirits Android App Security Vulnerability
ABC Fine Wine & Spirits Android App is a wine shopping app by ABC Fine Wine & Spirits. A security vulnerability exists in ABC Fine Wine & Spirits Android App v.11.27.5 and earlier versions, which stems from improper access control of the login mechanism and could lead to bypassing login checks an...
CVE-2025-61120
AG Life Logger Android App (v1.0.2.72 and earlier; package com.donki.healthy) by IO FIT, K.K. has an improper access control vulnerability. Traffic contains credentials exposed in transit, which may allow misuse of cloud resources. Additionally, a predictable verification code mechanism enables b...
PT-2025-44427
Name of the Vulnerable Software and Affected Versions: Kanova versions 1.0.27. Description: The Kanova Android App has issues with how access is controlled. An attacker could manipulate parameters in requests to the application's API and gain unauthorized access to user details and group information...
CVE-2025-61115
ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...
CVE-2025-61121
CVE-2025-61121 affects Mobile Scanner Android App v2.12.38 (package com.glority.everlens) by Glority Global Group Ltd. The connected sources describe a credential leakage vulnerability caused by improper handling of cloud service credentials. Exploitation could lead to disclosure of sensitive inf...
CVE-2025-61117
Senza: Keto & Fasting Android App 2.10.15 (com.gl.senza) contains an improper access control vulnerability in the user data API endpoints. The root cause is insufficient checks in the API, allowing attackers to obtain authentication tokens and perform account takeover, potentially leading to unau...
PT-2025-44419
Name of the Vulnerable Software and Affected Versions: TalkTalk version 3.3.6. Description: The TalkTalk 3.3.6 Android App has improper access control issues in several API endpoints. Modifying request parameters can allow attackers to get sensitive user information, like device identifiers and...