6 matches found
CVE-2026-27838
wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...
Strava heatmap loophole may reveal users' home addresses
Researchers at NC State University have outlined potential privacy issues with popular fitness app Strava which could lead to users' homes being pinpointed. The researchers' findings are detailed in a paper called Heat marks the spot: de-anonymising users' geographical data on the Strava heat map...
Fit Fitness App Has Logic Flaw Vulnerability
Fit Fitness app a new sports and fitness application. Fit Fitness app has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
Mark Goldstein Eat Spray Love Security Breach
Mark Goldstein Eat Spray Love is a mobile app about fitness by Mark Goldstein personal developer. A security vulnerability exists in the Eat Spray Love mobile app, which stems from the inclusion of a backdoor account that, when modified, could allow a user privileged access to restricted features...
Apps on smartphones are selling and sharing our location data 24/7
By Waqas It's no surprise that the apps we download on our smartphones are tracking our movements and also transferring the information to third parties without our consent. Last year it was Google caught collecting location data of Android users even if their device's location service was off th...
LOOX Fitness Planer - Customized SSL, KeyStore usage, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application LOOX Fitness Planer published at the 'play' market has multiple vulnerabilities...