CVE-2025-61117

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

CVE-2025-61114

The CVE-2025-61114 entry concerns AutoBizLine’s 2nd Line Android App (v1.2.92 and earlier; package com.mysecondline.app). A single-token-character validation flaw in the authentication server enables token-guessing/brute-forcing and unauthorized access to other users’ data, constituting an improp...

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

PT-2025-44420

Name of the Vulnerable Software and Affected Versions ABC Fine Wine & Spirits Android App versions v.11.27.5 and before Description The ABC Fine Wine & Spirits Android App does not properly validate user passwords during authentication, potentially allowing attackers to bypass login checks and...

AdForest – Classified Android App 安全漏洞

AdForest - Classified Android App is a classified information system application by the individual developer Muhammad Jawad Arshad. A security vulnerability exists in AdForest - Classified Android App version 4.0.12, which stems from improper access control in the authentication mechanism, which...

CVE-2025-61116

CVE-2025-61116 affects AdForest – Classified Android App, v4.0.12 (package: scriptsbundle.adforest). The vulnerability arises from improper access control in authentication where a Base64-encoded email address is used as the authorization credential, allowing attackers to manipulate credentials a...

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

Kanova Android App 安全漏洞

Kanova Android App is a social group application by Kanova. A security vulnerability exists in Kanova Android App version 1.0.27, which stems from improper access control and could lead to unauthorized access to user details and obtain group information...

CVE-2025-61114

2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...

CVE-2025-61113

TalkTalk Android app v3.3.6 has improper access control across multiple API endpoints. The issue allows parameter tampering to extract sensitive user data (device identifiers, birthdays) and private group information (including join credentials). Impact is privacy breach and unauthorized access t...

AutoBizLine 2nd Line Android App 安全漏洞

AutoBizLine 2nd Line Android App is a mobile messaging application from AutoBizLine, Inc. A security vulnerability exists in AutoBizLine 2nd Line Android App v1.2.92 and earlier versions, which stems from improper access control in the authentication mechanism, where the server only validates the...

CVE-2025-61116

AdForest - Classified Android App version 4.0.12 package name scriptsbundle.adforest, developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...

IOFIT AG Life Logger Android App 安全漏洞

IOFIT AG Life Logger Android App is a sports app from IOFIT Japan. A security vulnerability exists in IOFIT AG Life Logger Android App v1.0.2.72 and earlier versions, which stems from improper access control and a predictable CAPTCHA, and could lead to account disclosure and misuse of cloud...

PT-2025-44431

Name of the Vulnerable Software and Affected Versions Mobile Scanner version 2.12.38 Description The Mobile Scanner Android App has a flaw where cloud service credentials are not handled securely. This could allow attackers to gain access to these credentials and perform unauthorized actions. The...

PT-2025-44427

Name of the Vulnerable Software and Affected Versions Kanova versions 1.0.27 Description The Kanova Android App has issues with how access is controlled. An attacker could manipulate parameters in requests to the application's API and gain unauthorized access to user details and group information...

CVE-2025-61119

CVE-2025-61119 affects Kanova Android App v1.0.27 (package com.karelane) by Karely L.L.C. The issue is improper access control that allows attackers to manipulate API request parameters to access user details and group information (including entry codes). Documented impact includes privacy breach...

Glority Limited Mobile Scanner Android App 安全漏洞

Glority Limited Mobile Scanner Android App is a mobile scanning application from Glority. A security vulnerability exists in Glority Limited Mobile Scanner Android App version 2.12.38, which stems from improper handling of cloud service credentials and could lead to disclosure of sensitive...

CVE-2025-61117

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

PT-2025-44419

Name of the Vulnerable Software and Affected Versions TalkTalk version 3.3.6 Description The TalkTalk 3.3.6 Android App has improper access control issues in several API endpoints. Modifying request parameters can allow attackers to get sensitive user information, like device identifiers and...

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...