CVE-2025-20991

Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable...

CVE-2025-20991

CVE-2025-20991 affects Android Bluetooth components, where improper export of Android application components enables local attackers to make devices discoverable. The issue is tied to Samsung/Android deployments prior to SMR Jun-2025 Release 1. Root cause: improper component export in Bluetooth h...

CVE-2025-20991

Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable...

CVE-2024-28745

Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displaye...

CVE-2024-25731

The Elink Smart eSmartCam com.cn.dq.ipc application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data e.g., over Wi-Fi...

CVE-2024-0390

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...

CVE-2024-12420

The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-34405

Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app...

CVE-2024-20860

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission...

CVE-2024-46963

The com.superfast.video.downloader aka Super Unlimited Video Downloader - All in One application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component...

CVE-2024-40096

The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...

CVE-2024-53934

The com.windymob.callscreen.ringtone.callcolor.colorphone aka Color Phone Call Screen Themes application through 1.1.2 for Android enables any application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivi...

CVE-2024-53932

The com.remi.colorphone.callscreen.calltheme.callerscreen aka Color Phone: Call Screen Theme application through 21.1.9 for Android enables any application with no permissions to place phone calls without user interaction by sending a crafted intent via the...

CVE-2024-50657

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method...

CVE-2024-46964

The com.video.downloader.all aka All Video Downloader application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component...

CVE-2023-32609

Improper access control in the Intel UniteR android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2023-42468

The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application without any permissions can craft an...

CVE-2023-41960

The vulnerability allows an unprivilegeduntrusted third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself...

CVE-2023-38411

Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-36621

An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing...