The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL...
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable ide...
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe ...
Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to i...
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellu...
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inje...
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.
The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to exe...
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.