173 matches found
CVE-2025-8512 TVB Big Big Shop App hk.com.tvb.bigbigshop AndroidManifest.xml improper export of android application components
A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component hk.com.tvb.bigbigshop. The manipulation leads to improper export of android application...
CVE-2025-8512
CVE-2025-8512 affects TVB Big Big Shop App v2.9.0 on Android. The issue stems from improper handling of the AndroidManifest.xml in the component hk.com.tvb.bigbigshop, causing improper export of Android application components. Local-access exploitation is required; the exploit has been publicly d...
PT-2025-31789 · Tvb · Tvb Big Big Shop App
Name of the Vulnerable Software and Affected Versions: TVB Big Big Shop App version 2.9.0 Description: A problematic vulnerability has been identified in the TVB Big Big Shop App for Android. The issue involves improper export of Android application components due to unknown processing of the...
CVE-2025-8258
Summary of CVE-2025-8258 : Affects the Android app “Cool Mo Maigcal Number App” (version up to 1.0.3) and its AndroidManifest.xml handling for component com.sdmagic.number. The vulnerability allows improper export of Android components via a local attack path. Exploitation is indicated as publicl...
CVE-2025-8210
A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components...
CVE-2025-7940 Genshin Albedo Cat House App com.house.auscat AndroidManifest.xml improper export of android application components
A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.house.auscat. The manipulation leads to improper export of android...
CVE-2025-43976
The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component...
CVE-2025-7891
A vulnerability was found in InstantBits Web Video Cast App up to 5.12.4 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.instantbits.cast.webvideo. The manipulation leads to improper export of...
CVE-2025-7890
A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation leads to improper export of android...
CVE-2022-20177
Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A...
CVE-2022-22286
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R11.0 and 2.6.30.5 in Android Q10.0 allows attackers to execute privileged action by hijacking and modifying the intent...
CVE-2022-41986
Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions...
CVE-2022-20283
In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233069336...
CVE-2022-20175
Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A...
CVE-2021-43544
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are...
CVE-2021-0442
In updateInfo of androidhardwareinputInputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-1045
Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A...
CVE-2020-6159
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting XSS attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This...
CVE-2020-27043
In nfcenabled of nfcmain.cc, there is a possible out of bounds read due to an incorrect increment. This could lead to local information disclosure via firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...
CVE-2020-0382
In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...