JackSessions/Jack-Sessions-CVEs

Releases0

This is for the CVE's that I find as I will link them as the advisory for the CVE's to be public!

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-50862 ↗	Aug 14, 2025Thursday, 14 August 2025, 20:15	5.9 MEDIUM	—
The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure.
CVE-2025-50861 ↗	Aug 14, 2025Thursday, 14 August 2025, 20:15	6.5 MEDIUM	—
The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a risk of unintended access to application internals and can cause denial of service or logic abuse.