Browse all 4 CVE security advisories affecting appcheap. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Appcheap operates as a mobile app marketplace platform connecting developers with users, facilitating app distribution and monetization. Historically, the platform has been susceptible to multiple remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from insufficient input validation and insecure API endpoints. Privilege escalation issues have also been documented, allowing unauthorized access to administrative functions. The four recorded CVEs highlight consistent security weaknesses in web application components, particularly in user authentication and session management. While no major public security incidents have been reported, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices and regular security assessments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7638 | App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter — App Builder – Create Native Android & iOS Apps On The FlightCWE-639 | 5.3 | Medium | 2026-05-02 |
| CVE-2026-2375 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter — App Builder – Create Native Android & iOS Apps On The FlightCWE-269 | 6.5 | Medium | 2026-03-21 |
| CVE-2024-9302 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP — App Builder – Create Native Android & iOS Apps On The FlightCWE-640 | 8.1 | High | 2024-10-25 |
| CVE-2024-7651 | App Builder – Create Native Android & iOS Apps On The Flight <= 4.3.3 - Unauthenticated Limited SQL Injection via app-builder-search — App Builder – Create Native Android & iOS Apps On The FlightCWE-89 | 5.6 | Medium | 2024-08-21 |
This page lists every published CVE security advisory associated with appcheap. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.