Export limit exceeded: 361177 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 361177 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (3 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-9219 1 Shenzhen I365-tech 1 Setracker2 Parental Control App (android) Package Com.tgelec.setracker 2026-06-26 6.5 Medium
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily enroll watches belonging to other users.
CVE-2026-9220 1 Shenzhen I365-tech 1 Setracker2 Parental Control App (android) Package Com.tgelec.setracker 2026-06-26 7.5 High
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.
CVE-2026-9221 1 Shenzhen I365-tech 1 Setracker2 Parental Control App (android) Package Com.tgelec.setracker 2026-06-26 7.5 High
The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the session ID exposed, an attacker could impersonate the legitimate user and issue authenticated API requests.