18 matches found
CVE-2026-55844
The Home Assistant iOS companion app prior to 2025.5.0 ignores the SSID allowlist for internal networks. It uses SSID to decide when to use the internal URL, but if no other URL is available it falls back to the internal URL, which can expose the user’s token on unsecure networks. Affected compon...
PT-2026-6585
Name of the Vulnerable Software and Affected Versions ProficySCADA for iOS version 5.0.25920 Description The application is susceptible to a denial of service condition. An attacker can cause the application to crash by manipulating the password input field. Specifically, overwriting the field wi...
JVN#89109713: WTW-EAGLE App vulnerable to improper server certificate validation
WTW-EAGLE App provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability. Improper server certificate validation CWE-295 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score 4.8 CVE-2025-58781...
CVE-2023-22367
Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack...
PT-2023-28870 · Zoom · Zoom Mobile App For Android +3
Name of the Vulnerable Software and Affected Versions: Zoom Mobile App for Android versions prior to 5.16.0 Zoom Mobile App for iOS versions prior to 5.16.0 Zoom SDKs for Android versions prior to 5.16.0 Zoom SDKs for iOS versions prior to 5.16.0 Description: The issue is related to cryptographic...
CVE-2020-14981
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation...
CVE-2019-20801
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...
CVE-2018-18975
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information...
CVE-2019-5927
Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors...
ANA App for iOS fails to verify SSL server certificates
Overview ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates CWE-295. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
Emirates NBD Bank P.J.S.C Emirates NBD KSA app for iOS Man-in-the-Middle Attack Vulnerability
A security vulnerability in the Emirates NBD Bank P.J.S.C Emirates NBD KSA app for iOS-based platforms versions 3.10.0 to 3.10.4 UAE and versions 2.0.1 to 2.1.0 KSA stems from the program's failure to validate an X.509 certificate on the server side of an SSL server. The vulnerability can be...
CVE-2017-9586
The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-9583
The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-9577
The "First Citizens Bank-Mobile Banking" by First Citizens Bank AL app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
CVE-2017-9582
The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-mobile-banking/id674215747 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
America's First Federal Credit Union Mobile Banking app for iOS Security Bypass Vulnerability
America's First Federal Credit Union Mobile Banking app for iOS is a mobile app for iOS from America's First Federal Credit Union FCU Bank, featuring quick access to manage bank accounts, manage balances, manage balances, pay bills, send money, and more. A security bypass vulnerability exists in...
CVE-2017-5915
The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 UAE and 2.0.1 through 2.1.0 KSA for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities
Document Title: =============== File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1403 Release Date: ============= 2015-01-15 Vulnerability Laboratory ID VL-ID: ==================================== 1403...