Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
android api vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2019-5634
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile applic...
Belwith-keeler Hickory Smart
9.8
CVSSv3
CVE-2016-10454
In Android prior to 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, SD 430, SD 450, and SD 625, in a QTEE API function, an array out-of-bounds index can occur.
Qualcomm Sd 425 Firmware -
Qualcomm Sd 430 Firmware -
Qualcomm Sd 450 Firmware -
Qualcomm Sd 625 Firmware -
NA
CVE-2015-5629
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and previous versions for Android and 1.0.2 and previous versions for iOS allows malicious users to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
Ntt-bp Japan Connected-free Wi-fi
3.1
CVSSv3
CVE-2018-12445
An issue exists in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint AP...
Dropbox Dropbox 98.2.2
6.8
CVSSv3
CVE-2018-15543
An issue exists in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint...
Telegram Telegram 4.8.11
8.1
CVSSv3
CVE-2020-5604
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
Mercari Mercari
7.5
CVSSv3
CVE-2019-13097
The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.
Cat Runner Decorate Home Project Cat Runner
9.1
CVSSv3
CVE-2017-14487
The OhMiBod Remote app for Android and iOS allows remote malicious users to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xm...
Ohmibod Ohmibod Remote
6.5
CVSSv3
CVE-2020-16168
Origin Validation Error in temi Robox OS before 120, temi Android app up to 1.3.7931 allows remote malicious users to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors.
Robotemi Temi Firmware
7.5
CVSSv3
CVE-2020-35137
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be us...
Mobileiron Mobile@work
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »