183 matches found
CVE-2021-41719
CVE-2021-41719 affects the Maharashtra State Electricity Distribution Company Limited Mahavitaran iOS app up to version 16.1. The app uses GET requests to transmit sensitive data (user account name and password), which can be exposed via browser history, referrers, web logs, and other sources. The...
CVE-2025-25325
An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2025-25334
An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2025-20615
The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...
CVE-2025-20615
CVE-2025-20615 affects the Qardio Arm iOS app. The vulnerability arises from exposing usernames and passwords in a plist file, enabling an attacker to log in to production-level development accounts and trigger an engineering backdoor that accepts hex-based commands over a UI-based terminal. Impa...
CVE-2025-20615 Qardio Heart Health IOS Mobile Application Exposure of Private Personal Information to an Unauthorized Actor
The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...
CVE-2024-56968
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload...
CVE-2024-56952
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app iOS version 6.40.0 allows attackers to access user information via supplying a crafted link...
CVE-2024-56966
An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2024-56948
Affected software/component: KuGou Music iOS, version 20.0.0. Description confirms an issue where attackers can access sensitive user information by supplying a crafted link. Underlying root cause details are not provided in the documents. PT-2025-3352 lists a remediation: update KuGou Music iOS ...
CVE-2024-56960
An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2024-56949
An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2023-4617 Gaining remote control over Govee devices
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...
CVE-2022-41690
Improper access control in the Intel® Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-28932 WordPress WPMobile.App Plugin <= 11.20 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions...
PT-2023-14015 · Intel · Intel Retail Edge Mobile Ios
Name of the Vulnerable Software and Affected Versions: Intel® Retail Edge Mobile iOS application versions prior to 3.4.7. Description: The issue is related to improper access control, which may allow an authenticated user to potentially enable escalation of privilege via local access...
Intel® Retail Edge Mobile App Advisory
Summary: Potential security vulnerabilities in the Intel® Retail Edge Mobile application may allow escalation of privilege, denial of service or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-41690...
DEBIAN-CVE-2023-28999
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...
CVE-2023-22702 WordPress WPMobile.App — Android and iOS Mobile Application Plugin <= 11.13 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions...
CVE-2022-45637
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...