CVE-2025-52580

The vulnerability CVE-2025-52580 affects the region PAY App for Android (Gift Pad Co., Ltd.) prior to version 1.5.28. Cause: insertion of sensitive information into log files (CWE-532). Impact: sensitive user data could be exposed to an attacker who gains access to application logs. Mitigation: u...

JVN#07825095: "region PAY" App for Android vulnerable to insertion of sensitive information into log file

"region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 2.4 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 2.4...

CVE-2025-7940

CVE-2025-7940 affects Genshin Albedo Cat House App version 1.0.2 on Android, specifically the AndroidManifest.xml handling in component com.house.auscat. The vulnerability is described as improper export of Android application components due to a manipulation of the manifest, enabling local acces...

CVE-2025-7940 Genshin Albedo Cat House App com.house.auscat AndroidManifest.xml improper export of android application components

A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.house.auscat. The manipulation leads to improper export of android...

PT-2025-30287 · Unknown +1 · Com.Enflick.Android.Tn2Ndline +1

Name of the Vulnerable Software and Affected Versions: com.enflick.android.tn2ndLine versions through 24.17.1.0 Description: The com.enflick.android.tn2ndLine application for Android allows any installed application, without requiring permissions, to initiate phone calls without user interaction...

CVE-2025-43976

CVE-2025-43976 affects com.enflick.android.tn2ndLine up to version 24.17.1.0 on Android. The vulnerability allows any installed app (no permissions required) to initiate a phone call by sending a crafted intent to com.enflick.android.TextNow.activities.DialerActivity, enabling local interaction w...

CVE-2025-43977

The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component...

CVE-2025-43976

The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component...

CVE-2025-43976

The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component...

CVE-2025-43977

The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component...

CVE-2025-7890

A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation leads to improper export of android...

CVE-2025-7891

A vulnerability was found in InstantBits Web Video Cast App up to 5.12.4 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.instantbits.cast.webvideo. The manipulation leads to improper export of...

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

CVE-2025-2818

Technical details such as affected components, root cause, vulnerable versions, or remediation are not publicly disclosed in the provided documents. Monitor for updates from Lenovo/Motorola advisories and Red Hat for this CVE.

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

PT-2025-29957 · Google +1 · Android +1

Name of the Vulnerable Software and Affected Versions: Motorola Smart Connect Android Application version 1.0 Description: A vulnerability exists in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application. This could allow a nearby attacke...

Motorola Smart Connect Android Application Vulnerability - Lenovo Support US

No description provided...

CVE-2025-52883

Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...

CVE-2025-52883

Meshtastic-Android prior to version 2.5.21 is vulnerable: an attacker can send an unencrypted direct message impersonating another node, which is displayed in the victim’s chat as PKC-secured due to a forged green padlock. The victim may trust and read the attacker’s message as legitimate. Versio...

CVE-2025-20991

Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable...