[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-9222":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-26T14:36:48.442Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":184,"aliases":185,"duplicate_of":9,"upstream":186,"downstream":187,"duplicates":188,"related":189,"reserved_at":9,"published_at":190,"modified_at":191,"state":192,"summary":193,"references_raw":202,"kevs":207,"epss":208,"epss_history":211,"metrics":213,"affected":223},"CVE-2026-9222","Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-836","Use of Password Hash Instead of Password for Authentication","The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.","weakness","Incomplete","Base",[19,85],{"id":20,"name":21,"techniques":22},"CAPEC-644","Use of Captured Hashes (Pass The Hash)",[23],{"id":24,"name":25,"tactics":26,"countermeasures":33},"T1550.002","Pass the Hash",[27,30],{"id":28,"name":29},"TA0030","Defense Evasion",{"id":31,"name":32},"TA0109","Lateral Movement",[34,39,43,47,52,56,60,64,69,73,77,81],{"id":35,"name":36,"tactic":37},"D3-PLA","Process Lineage Analysis",{"name":38},"Detect",{"id":40,"name":41,"tactic":42},"D3-PSMD","Process Self-Modification Detection",{"name":38},{"id":44,"name":45,"tactic":46},"D3-PSA","Process Spawn Analysis",{"name":38},{"id":48,"name":49,"tactic":50},"D3-PT","Process Termination",{"name":51},"Evict",{"id":53,"name":54,"tactic":55},"D3-PS","Process Suspension",{"name":51},{"id":57,"name":58,"tactic":59},"D3-HR","Host Reboot",{"name":51},{"id":61,"name":62,"tactic":63},"D3-HS","Host Shutdown",{"name":51},{"id":65,"name":66,"tactic":67},"D3-KBPI","Kernel-based Process Isolation",{"name":68},"Isolate",{"id":70,"name":71,"tactic":72},"D3-SCF","System Call Filtering",{"name":68},{"id":74,"name":75,"tactic":76},"D3-HBPI","Hardware-based Process Isolation",{"name":68},{"id":78,"name":79,"tactic":80},"D3-ABPI","Application-based Process Isolation",{"name":68},{"id":82,"name":83,"tactic":84},"D3-WSAM","Web Session Access Mediation",{"name":68},{"id":86,"name":87,"techniques":88},"CAPEC-652","Use of Known Kerberos Credentials",[89],{"id":90,"name":91,"tactics":92,"countermeasures":96},"T1558","Steal or Forge Kerberos Tickets",[93],{"id":94,"name":95},"TA0031","Credential Access",[97,101,105,109,113,117,121,125,129,133,137,141,145,150,155,159,163,167,171,176,180],{"id":98,"name":99,"tactic":100},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":38},{"id":102,"name":103,"tactic":104},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":38},{"id":106,"name":107,"tactic":108},"D3-CSPP","Client-server Payload Profiling",{"name":38},{"id":110,"name":111,"tactic":112},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":38},{"id":114,"name":115,"tactic":116},"D3-NTSA","Network Traffic Signature Analysis",{"name":38},{"id":118,"name":119,"tactic":120},"D3-APCA","Application Protocol Command Analysis",{"name":38},{"id":122,"name":123,"tactic":124},"D3-NTCD","Network Traffic Community Deviation",{"name":38},{"id":126,"name":127,"tactic":128},"D3-RTSD","Remote Terminal Session Detection",{"name":38},{"id":130,"name":131,"tactic":132},"D3-CCSA","Credential Compromise Scope Analysis",{"name":38},{"id":134,"name":135,"tactic":136},"D3-RTA","RPC Traffic Analysis",{"name":38},{"id":138,"name":139,"tactic":140},"D3-CR","Credential Revocation",{"name":51},{"id":142,"name":143,"tactic":144},"D3-ANCI","Authentication Cache Invalidation",{"name":51},{"id":146,"name":147,"tactic":148},"D3-DUC","Decoy User Credential",{"name":149},"Deceive",{"id":151,"name":152,"tactic":153},"D3-CH","Credential Hardening",{"name":154},"Harden",{"id":156,"name":157,"tactic":158},"D3-MFA","Multi-factor Authentication",{"name":154},{"id":160,"name":161,"tactic":162},"D3-CRO","Credential Rotation",{"name":154},{"id":164,"name":165,"tactic":166},"D3-TB","Token Binding",{"name":154},{"id":168,"name":169,"tactic":170},"D3-TBA","Token-based Authentication",{"name":154},{"id":172,"name":173,"tactic":174},"D3-RIC","Reissue Credential",{"name":175},"Restore",{"id":177,"name":178,"tactic":179},"D3-NTF","Network Traffic Filtering",{"name":68},{"id":181,"name":182,"tactic":183},"D3-CTS","Credential Transmission Scoping",{"name":68},[],[],[],[],[],[],"2026-06-25T23:29:03.046Z","2026-06-26T12:30:58.329Z","PUBLISHED",{"cisa_kev":194,"cisa_ransomware":194,"cisa_vendor":9,"epss_severity":195,"epss_score":196,"severity":197,"severity_score":198,"severity_version":199,"severity_source":200,"severity_vector":201,"severity_status":192},false,"low",0.00242,"critical",9.2,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[203],{"url":204,"sources":205,"tags":206},"https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/VA/white/2026/va-26-176-01.json",[200],[],[],{"date":209,"score":196,"percentile":210},"2026-06-26",0.15259,[212],{"date":209,"score":196,"percentile":210},[214],{"source":200,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":215,"cvss_v4_0":221},{"baseScore":216,"baseSeverity":217,"vectorString":218,"impactScore":219,"exploitabilityScore":220},8.1,"HIGH","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",9.8,5.6,{"baseScore":198,"baseSeverity":222,"vectorString":201,"impactScore":9,"exploitabilityScore":9},"CRITICAL",[224],{"ecosystem":9,"name":225,"vendor":226,"product":227,"cpe_part":228,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":229},"Setracker2 Parental Control App (Android) package com.tgelec.setracker","shenzhen i365-tech co. ltd.","setracker2 parental control app (android) package com.tgelec.setracker","a",[230],{"version":231,"is_range":232,"range_type":200,"version_start":9,"version_start_type":9,"version_end":233,"version_end_type":234,"fixed_in":9},"\u003C= 3.1.5",true,"3.1.5","including"]