1378 matches found
CVE-2025-20906
CVE-2025-20906 affects Android Settings where improper export of components could allow local attackers to enable ADB prior to SMR Feb-2025 Release 1. Evidence from multiple sources (NVD/NCSC/Red Hat/CVE records) confirms the issue is a local-privilege/feature-impairment risk stemming from export...
CVE-2025-20906
Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB...
CVE-2024-53931
The com.glitter.caller.screen aka iCaller, Caller Theme & Dialer application through 1.1 for Android enables any application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component...
CVE-2024-53934
The CVE-2024-53934 issue affects the Color Phone Call Screen Themes app (com.windymob.callscreen.ringtone.callcolor.colorphone) up to version 1.1.2 for Android. A crafted intent to the DialerActivity component (com.frovis.androidbase.call.DialerActivity) enables any other app, with no permissions...
CVE-2024-53936
The CVE-2024-53936 issue affects the Android app com.asianmobile.callcolor (Color Phone Call Screen App) up to version 24. The vulnerability arises from the CallActivity component, which can be invoked via a crafted intent by any application with no permissions, enabling unauthorized phone calls ...
CVE-2024-53935
The com.callos14.callscreen.colorphone aka iCall OS17 - Color Phone Flash application through 4.3 for Android enables any application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.callos14.callscreen.colorphone.DialerActivity component...
CVE-2023-4617 Gaining remote control over Govee devices
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...
CVE-2021-39081
IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
PT-2024-11001 · IBM · IBM Cognos Analytics Mobile for Android
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics Mobile for Android version 1.1.14. Description: The issue concerns the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. There is no information...
JVN#08430039: "Shonen Jump+" App for Android fails to restrict custom URL schemes properly
"Shonen Jump+" App for Android provided by SHUEISHA INC. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly (CWE-939), which may be exploited to direct the App to access any sites. Impact: A remote attacker may lead a use...
CVE-2024-37575
The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.defaultdialer.DefaultDialerActivity component...
CVE-2024-40240
An incorrect access control issue in the HomeServe Home Repair Android app 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function...
CVE-2024-37573
The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.talkatone.vedroid.ui.launcher.OutgoingCallInterceptor component...
CVE-2024-34654
Samsung My Files prior to SMR Sep-2024 Release 1 is affected by an improper export of an Android application component, allowing local attackers to access files with My Files’ privilege. The issue arises from component export that grants access beyond intended boundaries, enabling potential expos...
CVE-2024-34641
CVE-2024-34641 relates to Samsung Android devices where the FeliCaTest component improperly exports an Android application component. This allows local attackers to enable NFC configuration. Affected software is FeliCaTest prior to the SMR Sep-2024 Release 1. The issue's root cause is improper co...
CVE-2024-34641
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration...
PT-2024-5070 · McAfee · McAfee Security: Antivirus VPN for Android
Name of the Vulnerable Software and Affected Versions: McAfee Security: Antivirus VPN for Android versions prior to 8.3.0. Description: The issue is related to improper exception handling, which could allow an attacker to cause a denial of service through the use of a malformed deep link. This can...
CVE-2024-35205
The WPS Office aka cn.wps.mofficeeng application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aimi...