5 matches found
CVE-2025-55443
Telpo MDM 1.4.6 through 1.4.9 for Android stores sensitive administrator credentials and MQTT server connection details (IP/port) in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platfor...
CVE-2025-48463
Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering...
Nextcloud: Missing ownership check on remote wipe endpoint
On settings/user/security, you can mark a device for wipe out that does not belong to you. Steps: 1. Create 2 accounts, one for the hacker and one for the victim 2. On both accounts, add devices with different names 3. On the hacker account, while intercepting with Burp Suite, select the option to wi...
xd-testing Downloads Resources over HTTP
Affected versions of xd-testing insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
Samsung Knox Vulnerable to Data Intercept
An Israeli security researcher from the Ben-Gurion University of the Negev’s Cyber Security Labs claims to have uncovered a serious security flaw in Samsung Knox. Knox is a security- and privacy-centric platform built into certain Samsung devices running Android. The Knox architecture, tailored f...