Vulmon
android api vulnerabilities and exploits
5.5
CVSSv3
CVE-2020-5667
Studyplus App for Android v6.3.7 and previous versions and Studyplus App for iOS v8.29.0 and previous versions use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Wantedlyinc Studyplus
7.5
CVSSv3
CVE-2018-14901
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.
Epson Iprint 6.6.3
5.3
CVSSv3
CVE-2023-40040
An issue exists in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android ...
Mycrops Higrade 1.0.337
7.5
CVSSv3
CVE-2021-20748
Retty App for Android versions before 4.8.13 and Retty App for iOS versions before 4.11.14 use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Retty Retty
7.5
CVSSv3
CVE-2016-9061
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulne...
Mozilla Firefox
8.1
CVSSv3
CVE-2022-45636
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows a malicious user to unlock model(s) without authorization via arbitrary API requests.
Megafeis Bofei Dbd+ 1.4.4
Megafeis Bofei Dbd+ 1.4.3
1 Github repository
NA
CVE-2015-5637
The Newphoria Photon application prior to 1.2 for Android allows malicious users to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
Newphoria Corporation 1.1
NA
CVE-2014-1449
The Maxthon Cloud Browser application prior to 4.1.6.2000 for Android allows remote malicious users to spoof the address bar via crafted JavaScript code that uses the history API.
Maxthon Maxthon Cloud Browser
NA
CVE-2015-5633
The Newphoria Auction Camera application for iOS and prior to 1.2 for Android allows malicious users to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
Newphoria Corporation Auction Camera
Newphoria Corporation Auction Camera -
4.3
CVSSv3
CVE-2016-1562
The REST API in the DTE Energy Insight application prior to 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter.
Dte Energy Insight 1.7.7