EUVD-2025-37028

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

EUVD-2025-37015

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

EUVD-2025-37021

AdForest - Classified Android App version 4.0.12 package name scriptsbundle.adforest, developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...

EUVD-2025-37162

Malicious code in epic-diesel-androidlauncher npm...

CVE-2025-61119

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

CVE-2025-61121

Mobile Scanner Android App version 2.12.38 package name com.glority.everlens, developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitiv...

Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services...

CVE-2025-61117

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

Exploit for CVE-2025-54957

Dolby Unified Decoder CVE-2025-54957 POC When a file is p...

Google Chrome on Android Omnibox Improperly Implemented Vulnerability

Google Chrome on Android is a mobile browser from Google, optimized for Android devices, offering fast browsing, smart search, privacy protection and cross-device syncing. Google Chrome on Android suffers from an Omnibox mal-implementation vulnerability that can be exploited by attackers to cause...

PT-2025-44425

Name of the Vulnerable Software and Affected Versions Senza versions 2.10.15 Description The Senza: Keto & Fasting Android App has an issue with how it controls access to user data. Insufficient checks in the app’s API endpoints allow attackers to get authentication tokens and take over accounts...

CVE-2025-61117

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

CVE-2025-61114

The CVE-2025-61114 entry concerns AutoBizLine’s 2nd Line Android App (v1.2.92 and earlier; package com.mysecondline.app). A single-token-character validation flaw in the authentication server enables token-guessing/brute-forcing and unauthorized access to other users’ data, constituting an improp...

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

PT-2025-44420

Name of the Vulnerable Software and Affected Versions ABC Fine Wine & Spirits Android App versions v.11.27.5 and before Description The ABC Fine Wine & Spirits Android App does not properly validate user passwords during authentication, potentially allowing attackers to bypass login checks and...

AdForest – Classified Android App 安全漏洞

AdForest - Classified Android App is a classified information system application by the individual developer Muhammad Jawad Arshad. A security vulnerability exists in AdForest - Classified Android App version 4.0.12, which stems from improper access control in the authentication mechanism, which...

CVE-2025-61116

CVE-2025-61116 affects AdForest – Classified Android App, v4.0.12 (package: scriptsbundle.adforest). The vulnerability arises from improper access control in authentication where a Base64-encoded email address is used as the authorization credential, allowing attackers to manipulate credentials a...