CVE-2023-45844

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings ADB debug...

CVE-2023-30718

Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting...

CVE-2023-29759

An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files...

CVE-2023-28203

The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts...

CVE-2023-36620

An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...

CVE-2023-47889

The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly...

CVE-2023-42471

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...

CVE-2022-21157

Improper access control in the IntelR Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access...

CVE-2025-5098

CVE-2025-5098 affects Mobile Dynamix PrinterShare Mobile Print (Android). Technical details from KoreLogic KL-001-2025-003 show the vulnerability arises in the Android app where Gmail OAuth tokens are captured and stored in plaintext, enabling token reuse to access a user’s Gmail account. The fla...

CVE-2022-46279

Improper access control in the IntelR Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-25841

Uncontrolled search path elements in the IntelR Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2022-41614

Insufficiently protected credentials in the IntelR ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-36367

Incorrect default permissions in the IntelR Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access...

CVE-2022-34910

An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device...

CVE-2022-30083

EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code remote...

CVE-2022-30691

Uncontrolled resource consumption in the IntelR Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2021-21385

Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification ...

CVE-2021-27549

Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings Device screen...

CVE-2021-3898

Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker...

CVE-2021-40668

The Android application HTTP File Server Version 1.4.1 by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write...