CVE-2025-14317
In the Crazy Bubble Tea mobile application, an authenticated attacker can obtain personal information about other users by enumerating the loyaltyGuestId parameter. The server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...
CVE-2025-13474
Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc. Mobile App allows Exploitation of Trusted Identifiers. This issue affects Mobile App: before 9.5.8...
CVE-2025-13474 IDOR in Menulux Software's Mobile App
Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc. Mobile App allows Exploitation of Trusted Identifiers. This issue affects Mobile App: before 9.5.8...
CVE-2025-13474
Summary of CVE-2025-13474 Affected product: Menulux Software Inc. Mobile App (versions before 9.5.8). Vulnerability: Authorization bypass through a user-controlled key that enables exploitation of trusted identifiers. Impact: The description indicates an authorization bypass affecting the mobile ...
EUVD-2015-2690
Malware in sbrugna...
EUVD-2020-19789
Malware in sbrugna...
EUVD-2017-12316
Malware in sbrugna...
EUVD-2025-5283
Malicious code in bioql PyPI...
PT-2025-37337
Name of the Vulnerable Software and Affected Versions: AXIS BANK LIMITED Axis Mobile App version 9.9 Description: An issue was discovered that allows attackers to gain sensitive information without a UPI PIN, including account information, balances, transaction history, and other unspecified...
CVE-2025-46018
CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...
PT-2025-31639 · Unknown · Csc Pay Mobile App
Name of the Vulnerable Software and Affected Versions: CSC Pay Mobile App versions prior to 2.20.0 Description: The CSC Pay Mobile App contains an issue that allows users to bypass payment authorization by disabling Bluetooth during a transaction. This bypass could lead to unauthorized use of...
CVE-2025-20036
Mattermost Mobile Apps versions =2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post...
CVE-2020-5800
The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to...
CVE-2025-30123
An issue was discovered on ROADCAM X3 devices. The mobile app APK Viidure contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device...
CVE-2025-30123
CVE-2025-30123 affects ROADCAM X3 devices; the Viidure mobile APK contains hardcoded FTP credentials for the FTPX user, enabling unauthorized access and extraction of sensitive recorded footage. Vulnerable component: the APK (Viidure) with hardcoded credentials; root cause is credential exposure ...
CVE-2024-12651
Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...
PTT HGS Mobile App security vulnerability
PTT HGS Mobile App is a mobile application from PTT Turkey that is used to facilitate the management and payment of Highway Electronic Toll Collection System HGS fees. A security vulnerability exists in PTT HGS Mobile App versions prior to 6.5.0, which stems from the presence of a vulnerability...
CVE-2024-52329
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...
MTN Group: Broken Access Control leads to disclosure of transaction history via /v2/rechargeTransactionHistory endpoint
The vulnerability disclosed the transaction history details of MTN NG customers, including recharge dates, amounts, and transaction IDs. This was caused by insufficient authorization checks in the /v2/rechargeTransactionHistory API endpoint, which allowed access to other customers' data without...