Mobile Apps
Mobile applications and the cross-platform frameworks behind them handle personal data and run on devices people carry everywhere. This hub tracks CVEs across the mobile app ecosystem.
- Cumulative CVEs: 23,367 across 279 monthly snapshots
- Latest month: 23 · +9.5% MoM · -67.1% YoY
- Peak month: 368 · Dec 22
- KEV this month: 0 · 17 vendors affected
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- On-prem: 99%
- Embedded: 1%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to Mobile Apps.
- CVE-2026-9222 · Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication · 8.1
- CVE-2026-9221 · Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm · 7.5
- CVE-2026-9220 · Setracker2 Children's Smartwatch Ecosystem Use of hard-coded cryptographic key · 7.5
- CVE-2026-9219 · Setracker2 Children's Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers · 6.5
- CVE-2026-55740 · SQL Injection in Nur-Alam39 bus-ticket bus_info.php via busid parameter · 9.8
- CVE-2026-49065 · WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability · 8.2
- CVE-2026-12189 · Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme · 5.3
- CVE-2026-6853 · OTP Bypass in Başbelen Group's Pause+ Mobile App · 9.8
- CVE-2026-12065 · Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme · 1.8
- CVE-2026-47430 · Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews · 7.5
- CVE-2026-7537 · MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter · 7.2
- CVE-2026-10580 · Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API · 9.8
- CVE-2026-21036 · Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. · 5.5
- CVE-2026-21035 · Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information. · 7.5
- CVE-2026-21034 · Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration. · 3.3
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| android-app | 14 | 1 | · | 8 | — | setracker2 parental control app (android) package com.tgelec.setracker (4) · hippoo mobile app for woocommerce (2) · samsung assistant (2) |
| cross-platform-framework | 8 | 2 | · | 8 | — | pcsuite (2) · bus & public transit app (1) · bus-ticket (1) |
| ios-app | 1 | · | · | 1 | — | internet (1) |
Sector classification is AI-assisted with human review.