12 matches found

RedhatCVE
added 2025/12/11 5:3 a.m., 2 views

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise o...

CVSS: 9.1, AI score: 7, EPSS: 0.00037
Exploits: 0, References: 1
RedhatCVE
added 2025/12/11 5:3 a.m., 4 views

CVE-2025-65830

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...

CVSS: 9.1, AI score: 7, EPSS: 0.00041
Exploits: 0, References: 1
EUVD
added 2025/12/10 9:31 p.m., 2 views

EUVD-2025-202618

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise o...

AI score: 6.5, EPSS: 0.00037
Exploits: 0, References: 3
EUVD
added 2025/12/10 9:31 p.m., 2 views

EUVD-2025-202614

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...

AI score: 6.5, EPSS: 0.00041
Exploits: 0, References: 3
OSV
added 2025/12/10 9:16 p.m., 2 views

CVE-2025-65830

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00041
Exploits: 0, References: 2
Cvelist
added 2025/12/10 12:0 a.m., 15 views

CVE-2025-65830

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...

EPSS: 0.00041
Exploits: 0, References: 2
Cvelist
added 2025/12/10 12:0 a.m., 16 views

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise o...

EPSS: 0.00037
Exploits: 0, References: 2
Vulnrichment
added 2025/12/10 12:0 a.m., 1 view

CVE-2025-65830

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...

AI score: 6.6, EPSS: 0.00041
Exploits: 0, References: 2
CVE
added 2025/12/10 12:0 a.m., 6 views

CVE-2025-65827

The CVE describes a mobile application configured to allow clear text traffic to all domains and to communicate with its API server over HTTP. The underlying issue is that traffic can be intercepted and modified by an upstream adversary, potentially leading to a total compromise of a user’s accou...

CVSS: 9.1, AI score: 6.7, EPSS: 0.00037
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2025/12/10 12:0 a.m., 2 views

PT-2025-50538

Name of the Vulnerable Software and Affected Versions: Mobile application (affected versions not specified). Description: A missing certificate validation allows an attacker positioned upstream to intercept and decrypt TLS traffic from the mobile application. This interception enables the attacker to...

CVSS: 9.1, AI score: 6.5, EPSS: 0.00041
Exploits: 0, References: 5
OSV
added 2021/08/19 7:15 p.m., 1 view

CVE-2021-37597

WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation...

CVSS: 9.8, AI score: 5.8, EPSS: 0.008
Exploits: 1, References: 2
ATTACKERKB
added 2021/02/05 2:15 p.m., 0 views

CVE-2020-10539

An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user aka a...

CVSS: 9.8, AI score: 5.4, EPSS: 0.00377
Exploits: 1, References: 2