CVE-2026-20972

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

CVE-2026-20972

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

CVE-2026-20972

CVE-2026-20972 corresponds to Samsung’s SVE-2025-2255. Description: Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. Connected docs indicate this is addressed by a Samsung patch in the SMR Jan-2026 Release 1, descri...

PT-2026-2053

Name of the Vulnerable Software and Affected Versions UwbTest versions prior to SMR Jan-2026 Release 1 Description The application improperly exports Android components, potentially allowing a local attacker to enable Ultra-Wideband UWB functionality. Recommendations Update UwbTest to SMR Jan-202...

Who Benefited from the Aisuru and Kimwolf Botnets?

Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators and services th...

yintibao Fun Print Mobile Unauthorized Access via Context Hijacking

Vulnerability Details Affected Vendor: yintibao Affected Product: Fun Print Mobile Affected Version: 6.05.15 Platform: ARM64 - Android CWE Classification: CWE-926: Improper Export of Android Application Components CVE ID: CVE-2025-15464 2. Vulnerability Description Exported Activity allows...

CVE-2025-62224

User interface ui misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network...

CVE-2025-62224

User interface ui misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network...

CVE-2025-62224 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

...

CVE-2025-62224 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

...

CVE-2025-62224

CVE-2025-62224 affects Microsoft Edge for Android. The issue is a UI misrepresentation of critical information in the browser, enabling a network-based spoofing scenario by an authorized attacker. Documented impact is spoofing of the user interface with low to medium severity in various sources; ...

CVE-2013-6792

Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability...

CVE-2019-16253

The Text-to-speech Engine aka SamsungTTS application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755...

CVE-2019-16248

The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image analogous to supported...

CVE-2019-16272

On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge adb enablement...

CVE-2019-16681

The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. When in physical possession of the device, opening local files is also possible. NOTE: As of...

CVE-2019-12365

The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...

CVE-2019-12370

The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...

CVE-2019-12369

The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...

CVE-2019-12366

The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...