Honest_Corrupt

**Name of the Vulnerable Software and Affected Versions** Moovit Bus & Public Transit App version 1.18 **Description** A flaw in the `com.tranzmate` component of the Android application allows for improper authorization within the handler for custom URL schemes. This issue requires local execution to manipulate the handler and bypass authorization controls. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Groww Stock, Mutual Fund, Gold App versions prior to 20260805 **Description** An issue exists in the WebView URL Handler component on Android. The manipulation of the handler for custom URL schemes leads to improper authorization. This attack can be launched on a physical device, although the complexity is high and exploitability is difficult. **Recommendations** Update to a version later than 20260805.

**Name of the Vulnerable Software and Affected Versions** Meesho Online Shopping App versions up to 27.3 **Description** A vulnerability exists in the Meesho Online Shopping App for Android, affecting versions up to 27.3. The issue involves a risky cryptographic algorithm within an unknown function of the `/api/endpoint` file in the `com.meesho.supply` component. This manipulation can be performed remotely, but requires a high level of complexity and is considered difficult to exploit. The exploit has been publicly disclosed. **Recommendations** Update Meesho Online Shopping App to a version newer than 27.3.

Name of the Vulnerable Software and Affected Versions: Bharti Airtel Thanks App version 4.105.4 Description: A problematic vulnerability has been found in the Bharti Airtel Thanks App, affecting an unknown function of the file /Android/data/com.myairtelapp/files/. This issue leads to cleartext storage in a file or on disk. The attack can be launched on the physical device. Recommendations: For Bharti Airtel Thanks App version 4.105.4, consider restricting access to the file /Android/data/com.myairtelapp/files/ to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PhonePe App version 25.03.21.0 **Description** A problematic issue was found in the PhonePe App, affecting an unknown function of the SQLite Database component. The issue leads to cleartext storage in a file or on disk, requiring local access for exploitation. The exploit has been publicly disclosed. **Recommendations** For PhonePe App version 25.03.21.0, consider updating to a newer version that addresses the cleartext storage issue, as local access can be used to exploit this problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.