ReportizFlow
Filtered by vendor
Subscriptions
Total
4191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61114 | 2 Autobizline, Google | 2 Mysecondline, Android | 2025-11-04 | 7.5 High |
| 2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the user_token, enabling attackers to brute force tokens and perform unauthorized queries on other user accounts. Successful exploitation could result in privacy breaches and unauthorized access to user data. | ||||
| CVE-2025-61115 | 3 Abc Liquors, Google, Wine | 3 Fine Wine And Spirits App, Android, Wine | 2025-11-04 | 7.5 High |
| ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication, allowing attackers to bypass login checks and obtain valid session identifiers. Successful exploitation could result in unauthorized account access, privacy breaches, and misuse of the platform. | ||||
| CVE-2025-61116 | 2 Google, Scriptsbundle | 2 Android, Adforest | 2025-11-04 | 7.5 High |
| AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be manipulated by attackers to gain unauthorized access to user accounts. Successful exploitation could result in account compromise, privacy breaches, and misuse of the platform. | ||||
| CVE-2025-61117 | 2 Google, Paul Itoi | 2 Android, Senza Keto Fasting App | 2025-11-04 | 7.5 High |
| Senza: Keto & Fasting Android App version 2.10.15 (package name com.gl.senza), developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful exploitation could result in unauthorized account access, privacy breaches, and misuse of the platform. | ||||
| CVE-2025-61119 | 2 Google, Karely | 2 Android, Kanova App | 2025-11-04 | 7.5 High |
| Kanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful exploitation could result in privacy breaches, unauthorized group access, and misuse of the platform. | ||||
| CVE-2025-61120 | 2 Google, Io Fit | 2 Android, Ag Life Logger App | 2025-11-04 | 7.5 High |
| AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force account logins feasible. Successful exploitation could result in account compromise, privacy breaches, and abuse of cloud resources. | ||||
| CVE-2025-29270 | 1 Deep Sea Electronics | 1 Dse855 | 2025-11-04 | 10 Critical |
| Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device. | ||||
| CVE-2025-43337 | 1 Apple | 1 Macos | 2025-11-04 | 5.5 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43332 | 1 Apple | 1 Macos | 2025-11-04 | 5.2 Medium |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43321 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-11-04 | 5.5 Medium |
| The issue was resolved by blocking unsigned services from launching on Intel Macs. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data. | ||||
| CVE-2025-43319 | 1 Apple | 1 Macos | 2025-11-04 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data. | ||||
| CVE-2025-43317 | 1 Apple | 8 Ios, Ipad Os, Ipados and 5 more | 2025-11-04 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43315 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-11-04 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43308 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-11-04 | 3.3 Low |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access sensitive user data. | ||||
| CVE-2025-43305 | 1 Apple | 1 Macos | 2025-11-04 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. A malicious app may be able to access private information. | ||||
| CVE-2025-43294 | 1 Apple | 1 Macos | 2025-11-04 | 3.3 Low |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-43291 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-11-04 | 5.5 Medium |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-43285 | 1 Apple | 1 Macos | 2025-11-04 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data. | ||||
| CVE-2025-31269 | 1 Apple | 3 Macos, Macos Sonoma, Macos Tahoe | 2025-11-04 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8. An app may be able to access protected user data. | ||||
| CVE-2025-31268 | 1 Apple | 1 Macos | 2025-11-04 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data. | ||||