Skip to main content

Soliclub

7 CVEs product

Monthly

CVE-2025-7358 HIGH This Week

Hard-coded credentials in Utarit Informatics SoliClub Android application versions prior to 5.3.7 allow remote unauthenticated attackers to abuse authentication and access confidential data. The flaw is tracked under CWE-798 with a CVSS 7.5 (high) confidentiality-only impact, and currently shows no public exploit identified at time of analysis with a low EPSS score of 0.06% (18th percentile).

Authentication Bypass Soliclub
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-7047 MEDIUM This Month

Missing authorization controls in the SoliClub Android application (all versions before 5.3.7) allow authenticated low-privilege users to abuse their access and read data beyond their authorization level. The vulnerability, classified as CWE-862, exposes the application to privilege abuse where role or resource-level access checks are absent on one or more network-accessible functions. No public exploit code exists and EPSS stands at 0.03% (10th percentile), indicating no meaningful observed exploitation activity; this is not listed in CISA KEV.

Authentication Bypass Soliclub
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-1031 HIGH This Week

Authorization bypass in Utarit Informatics SoliClub Android application versions 5.2.4 through 5.3.6 allows remote unauthenticated attackers to access or manipulate other users' data by tampering with user-controlled identifiers (IDOR). The flaw enables functionality misuse with high impact on confidentiality (CVSS 7.5), though no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.04%.

Authentication Bypass Soliclub
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-1030 HIGH This Week

Information disclosure in Utarit Informatics SoliClub Android app versions 5.2.4 through 5.3.6 allows remote unauthenticated attackers to query the system and retrieve private personal information belonging to other users. The flaw stems from inadequate access controls on a query interface, and while CVSS rates it 7.5 (High), the EPSS probability of exploitation is very low (0.04%, 13th percentile) and no public exploit identified at time of analysis.

Authentication Bypass Soliclub
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-1029 HIGH This Week

Hard-coded credentials in Utarit Information Services SoliClub Android app (versions 5.2.4 through 5.3.7) allow remote unauthenticated attackers to read sensitive constants embedded within the executable. The flaw was reported by Turkey's national CERT (USOM) and carries a CVSS 7.5 with high confidentiality impact but no integrity or availability effect; no public exploit identified at time of analysis and EPSS is very low at 0.04%.

Authentication Bypass Soliclub
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-3306 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.4.0 for iOS, before 5.2.1 for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Soliclub
NVD VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2024-3305 HIGH This Week

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.4.0 for iOS, before 5.2.1 for Android. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Information Disclosure Soliclub
NVD VulDB
CVSS 4.0
8.8
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH This Week

Hard-coded credentials in Utarit Informatics SoliClub Android application versions prior to 5.3.7 allow remote unauthenticated attackers to abuse authentication and access confidential data. The flaw is tracked under CWE-798 with a CVSS 7.5 (high) confidentiality-only impact, and currently shows no public exploit identified at time of analysis with a low EPSS score of 0.06% (18th percentile).

Authentication Bypass Soliclub
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization controls in the SoliClub Android application (all versions before 5.3.7) allow authenticated low-privilege users to abuse their access and read data beyond their authorization level. The vulnerability, classified as CWE-862, exposes the application to privilege abuse where role or resource-level access checks are absent on one or more network-accessible functions. No public exploit code exists and EPSS stands at 0.03% (10th percentile), indicating no meaningful observed exploitation activity; this is not listed in CISA KEV.

Authentication Bypass Soliclub
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Authorization bypass in Utarit Informatics SoliClub Android application versions 5.2.4 through 5.3.6 allows remote unauthenticated attackers to access or manipulate other users' data by tampering with user-controlled identifiers (IDOR). The flaw enables functionality misuse with high impact on confidentiality (CVSS 7.5), though no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.04%.

Authentication Bypass Soliclub
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure in Utarit Informatics SoliClub Android app versions 5.2.4 through 5.3.6 allows remote unauthenticated attackers to query the system and retrieve private personal information belonging to other users. The flaw stems from inadequate access controls on a query interface, and while CVSS rates it 7.5 (High), the EPSS probability of exploitation is very low (0.04%, 13th percentile) and no public exploit identified at time of analysis.

Authentication Bypass Soliclub
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Hard-coded credentials in Utarit Information Services SoliClub Android app (versions 5.2.4 through 5.3.7) allow remote unauthenticated attackers to read sensitive constants embedded within the executable. The flaw was reported by Turkey's national CERT (USOM) and carries a CVSS 7.5 with high confidentiality impact but no integrity or availability effect; no public exploit identified at time of analysis and EPSS is very low at 0.04%.

Authentication Bypass Soliclub
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.4.0 for iOS, before 5.2.1 for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Soliclub
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.4.0 for iOS, before 5.2.1 for Android. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Information Disclosure +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy