34 matches found
Utarit SoliClub Trust Management Issue Vulnerability
Utarit SoliClub is a mobile application from Utarit, Inc. A trust management issue vulnerability exists in Utarit SoliClub versions prior to 5.3.7, which stems from hard-coded credentials and could result in reading sensitive constants...
EUVD-2020-29638
Malware in sbrugna...
EUVD-2017-18492
Malware in sbrugna...
EUVD-2025-6207
Malicious code in bioql PyPI...
EUVD-2024-46258
Malicious code in bioql PyPI...
EUVD-2025-5066
Malicious code in bioql PyPI...
EUVD-2025-6681
Malicious code in bioql PyPI...
CVE-2021-32477
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected...
CVE-2020-25183
Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass. This vuln allows attacker to use other mobile device or malicious app on smartphone to auth...
CVE-2025-48127 WordPress Push notification for Mobile and Web app plugin <= 2.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through <= 2.0.3...
CVE-2025-30516 Unauthorized Notification Exposure in Mobile App Under Specific Conditions
Mattermost Mobile Apps versions =2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications...
Malwarebytes consumer product roundup: The latest
At Malwarebytes, we’re constantly evolving to protect our customers. These days, our products don’t just protect you from malware, we protect your identity, defend you from ads, safeguard your social media, and keep your mobile safe too. Here are the innovations we’ve made in our products recentl...
Qualys Named a Market Leader in GigaOm Radar Report for Application Security Testing
Qualys Web Application Scanning (WAS) has been named a leader in the GigaOm Radar Report for Application Security Testing, 2023. Web app security is critical for every organization, for attacks on this vector caused 25% of breaches, according to the Verizon 2023 Data Breach Investigations Report. T...
CVE-2022-30124
An improper authentication vulnerability exists in Rocket.Chat Mobile App 4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication PIN code...
CVE-2020-36486
CVE-2020-36486 affects Swift File Transfer Mobile v1.1.2 and earlier. The vulnerability is a cross-site scripting (XSS) flaw triggered by the path parameter in the app’s list and download exception handling. The root cause is insufficient validation/escaping of the path input, allowing injected s...
The Rise of One-Time Password Interception Bots
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitor...
Design/Logic Flaw
The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data...
Beijing Changping APP has overstepping access vulnerability
Beijing Changping app is an exclusive mobile news and information software for Beijing Changping area. Beijing Changping App has an override access vulnerability, which can be exploited by attackers to obtain information about other users...
I know where your pet is
Kaspersky Lab's many years of cyberthreat research would suggest that any device with access to the Internet will inevitably be hacked. In recent years, we have seen hacked toys, kettles, cameras, and irons. It would seem that no gadget has escaped the attention of hackers, yet there is one last...
Forbidden Horse Travel App has a logic design flaw
The Forbidden Horse Mobility App is a cell phone application for sharing motorcycles. There is a logic design loophole in Foramar Mobility APP, which allows attackers to arbitrarily register users or steal other users' account information for picking up a bike by capturing packets and brute forcing...