PT-2026-45593

In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

EUVD-2026-12321

Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application...

CVE-2026-21002

Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application...

CVE-2025-58483

Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store...

EUVD-2017-5367

Malware in sbrugna...

PT-2025-35902

Name of the Vulnerable Software and Affected Versions GoodLock versions prior to 2.2.04.95 Description An improper component export in GoodLock allows local attackers to install arbitrary applications from the Galaxy Store. Recommendations Update GoodLock to version 2.2.04.95 or later...

CVE-2021-25388

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app...

CVE-2024-23710

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

CVE-2024-23710

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

SUSE CVE-2014-3502

Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent...

CVE-2022-1677

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct...

CVE-2021-25388

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app...

CVE-2021-25388

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app...

Input validation

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app...

CVE-2021-25388

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app...

CVE-2021-25388

Samsung Knox Core CVE-2021-25388 is described as an improper caller check vulnerability that, in Knox Core prior to SMR MAY-2021 Release 1, could let a local attacker install arbitrary third‑party apps. Connected sources (NVD, Red Hat, CNNCVD/CVE lists) corroborate: local access, low complexity, ...

Tasks application security vulnerability

Alex Baker Tasks is an application by Alex Baker Personal Developer, USA. It provides to-do lists and reminders. A security vulnerability exists in the Tasks application version before 9.7.3, which allows an arbitrary application on a device to add tasks without restriction...

CVE-2018-14992

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm versionCode=1510500200, versionName=1.5.0.40171122 has an exposed interface...

CVE-2018-14992

The CVE-2018-14992 entry describes a vulnerability in the ASUS ZenFone 3 Max (Android 7.0) where a pre-installed platform app com.asus.dm exposes an exported service, com.asus.dm.installer.DMInstallerService. This service can be used by any co-located app to trigger the downloading and installati...

IRCCloud: [IRCCloud Android] XSS in ImageViewerActivity

Hi, I'd like to report HTML/JS injection in activity com.irccloud.android.activity.ImageViewerActivity which is exported: xml so can be launched by arbitrary apps installed on the same device. On the newest Androids could be exploited also by Android Instant Apps directly from a web-browser...