| CVE-2026-4880 | Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication | ukrsolution | Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) | Critical | 9.8 | 2026-04-15 23:25:50 | Deep Dive |
| CVE-2026-27067 | WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability | Syarif | Mobile App Editor | Critical | 9.1 | 2026-03-19 08:41:18 | Deep Dive |
| CVE-2026-3090 | Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2026-03-18 15:28:29 | Deep Dive |
| CVE-2026-2559 | Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 5.3 | 2026-03-18 15:28:28 | Deep Dive |
| CVE-2025-50053 | WordPress Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App Plugin <= 0.8.8.8 - Cross Site Scripting (XSS) Vulnerability | nebelhorn | Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App | High | 7.1 | 2025-12-31 20:09:03 | Deep Dive |
| CVE-2025-13029 | Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion | Unknown | Knowband Mobile App Builder | 高危 | - | 2025-12-31 06:00:03 | Deep Dive |
| CVE-2025-13474 | IDOR in Menulux Software's Mobile App | Menulux Software Inc. | Mobile App | High | 7.5 | 2025-12-16 11:25:50 | Deep Dive |
| CVE-2025-12655 | Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write | hippooo | Hippoo Mobile App for WooCommerce | Medium | 5.3 | 2025-12-12 06:32:59 | Deep Dive |
| CVE-2025-13339 | Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read | hippooo | Hippoo Mobile App for WooCommerce | High | 7.5 | 2025-12-10 04:24:13 | Deep Dive |
| CVE-2025-12887 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 5.4 | 2025-12-03 12:29:54 | Deep Dive |
| CVE-2025-11127 | Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation | Unknown | Mstoreapp Mobile App | 中危 | - | 2025-11-21 13:41:08 | Deep Dive |
| CVE-2025-11833 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Critical | 9.8 | 2025-11-01 03:34:36 | Deep Dive |
| CVE-2025-11881 | AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure | scottopolis | AppPresser – Mobile App Framework | Medium | 5.3 | 2025-10-30 06:45:40 | Deep Dive |
| CVE-2025-11645 | Tomofun Furbo Mobile App Authentication Token sensitive information | Tomofun | Furbo Mobile App | Low | 2.4 | 2025-10-12 20:32:06 | Deep Dive |
| CVE-2025-9200 | Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection | nebelhorn | Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App | High | 7.5 | 2025-10-03 11:17:17 | Deep Dive |
| CVE-2025-9219 | Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 4.3 | 2025-09-03 08:27:23 | Deep Dive |
| CVE-2025-8207 | Canara ai1 Mobile Banking App com.canarabank.mobility AndroidManifest.xml improper export of android application components | Canara | ai1 Mobile Banking App | Medium | 5.3 | 2025-07-26 20:02:06 | Deep Dive |
| CVE-2025-48127 | WordPress Push notification for Mobile and Web app plugin <= 2.0.3 - Broken Access Control vulnerability | App Cheap | Push notification for Mobile and Web app | Medium | 6.5 | 2025-05-16 15:45:11 | Deep Dive |
| CVE-2025-32638 | WordPress ShopApper plugin <= 0.4.61 - Cross Site Scripting (XSS) vulnerability | weptile | Mobile App for WooCommerce | High | 7.1 | 2025-04-17 15:47:09 | Deep Dive |
| CVE-2025-31816 | WordPress Mobile App Canvas Plugin <= 3.8.2 - Broken Access Control vulnerability | pietro | Mobile App Canvas | Medium | 5.4 | 2025-04-01 14:51:44 | Deep Dive |