CVE-2026-7671 CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of...

CVE-2026-26327

OpenClaw is a personal AI assistant. Discovery beacons Bonjour/mDNS and DNS-SD include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs...

EUVD-2020-26957

Malware in sbrugna...

EUVD-2021-32256

Malicious code in bioql PyPI...

EUVD-2024-31895

Malicious code in bioql PyPI...

CVE-2025-53649

"SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs...

CVE-2025-30609 WordPress AppExperts plugin <= 1.4.3 - Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through = 1.4.3...

CVE-2025-30609

CVE-2025-30609 corresponds to an AppExperts vulnerability in AppExperts – WordPress to Mobile App – WooCommerce to iOS and Android Apps. The issue is described as an Insertion of Sensitive Information Into Sent Data, allowing retrieval of embedded sensitive data. Affected products/versions: AppEx...

Detecting Pegasus Infections

This tool seems to do a pretty good job. The company's Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify...

CVE-2022-45636

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...

CVE-2022-45636

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...

CVE-2020-5800

The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to...

CVE-2016-6540 TrackR Bravo is missing authentication for the cloud service and allows querying or sending of GPS data from unauthenticated users

Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...

iClassSchedule 1.6 iOS & Android - Persistent Vulnerability

Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID: ===================================...

10 year old girl hacker CyFi reveal her first zero-day in Game at #DefCon 19

10 year old girl hacker CyFi reveal her first zero-day in Game at DefCon 19 Another awesome day at DefCon 19 . Today a 10 year old Girl hacker - pseudonym CyFi revealed her zero-day exploit in games on iOS and Android devices that independent researchers have confirmed as a new class of...