CVE-2023-43488

The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB Android Debug Bridge protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...

CVE-2023-45321

The Android Client application, when enrolled with the define method 1 the user manually inserts the server ip address, use HTTP protocol to retrieve sensitive information ip address and credentials to connect to a remote MQTT broker entity instead of HTTPS and this feature is not configurable by...

CVE-2023-4617

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions...

CVE-2021-33699

Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information...

CVE-2022-33274

Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication...

CVE-2026-20972

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

CVE-2026-20972

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

CVE-2026-20972

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

CVE-2026-20972

CVE-2026-20972 corresponds to Samsung’s SVE-2025-2255. Description: Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. Connected docs indicate this is addressed by a Samsung patch in the SMR Jan-2026 Release 1, descri...

PT-2026-2053

Name of the Vulnerable Software and Affected Versions UwbTest versions prior to SMR Jan-2026 Release 1 Description The application improperly exports Android components, potentially allowing a local attacker to enable Ultra-Wideband UWB functionality. Recommendations Update UwbTest to SMR Jan-202...

Who Benefited from the Aisuru and Kimwolf Botnets?

Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators and services th...

yintibao Fun Print Mobile Unauthorized Access via Context Hijacking

Vulnerability Details Affected Vendor: yintibao Affected Product: Fun Print Mobile Affected Version: 6.05.15 Platform: ARM64 - Android CWE Classification: CWE-926: Improper Export of Android Application Components CVE ID: CVE-2025-15464 2. Vulnerability Description Exported Activity allows...

CVE-2025-62224

User interface ui misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network...

CVE-2025-62224

User interface ui misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network...

CVE-2025-62224

CVE-2025-62224 affects Microsoft Edge for Android. The issue is a UI misrepresentation of critical information in the browser, enabling a network-based spoofing scenario by an authorized attacker. Documented impact is spoofing of the user interface with low to medium severity in various sources; ...

CVE-2025-62224 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

...

CVE-2025-62224 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

...

CVE-2013-6792

Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability...

CVE-2019-16253

The Text-to-speech Engine aka SamsungTTS application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755...