CVE Daily
← All tags

Tag: Android OS

All CVEs associated with "Android OS". Page 3/76 • 9114 CVEs.

Subscribe CVEs: RSS for “Android OS”  ·  RSS (High+Critical only)

About “Android OS”

A curated feed of “Android OS”-related CVEs appears below. We currently track 9114 CVEs for this tag (all time). In the last 365 days, 361 were published. Average CVSS is 6.8 (all time; 6.1 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-926 - Improper Export of Android Application Components, CWE-451 - User Interface (UI) Misrepresentation of Critical Information, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-10-02
Medium

CVE-2025-59406

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 cl…

CVSS: 6.2 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2025-59405

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a clea…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2025-59403

The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo device…

CVSS: 9.8 CWE: CWE-749 - Exposed Dangerous Method or Function View on NVD
2025-09-29
Medium

CVE-2025-57197

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dyn…

CVSS: 6.0 CWE: CWE-284 - Improper Access Control View on NVD
2025-09-25
High

CVE-2025-59404

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partition…

CVSS: 7.5 CWE: CWE-1274 - Improper Access Control for Volatile Memory Containing Boot Code View on NVD
Critical

CVE-2025-59834

ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command…

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2025-09-23
Medium

CVE-2025-56146

Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity.

CVSS: 5.3 CWE: CWE-599 - Missing Validation of OpenSSL Certificate View on NVD
High

CVE-2025-10184

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The us…

CVSS: 8.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2025-09-19
Medium

CVE-2025-10722

A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation result…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-10721

A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper expor…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-10718

A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of andr…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-10717

A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.ca…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-10716

A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Exe…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-10715

A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.ape_edica…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-09-16
Medium

CVE-2025-47967

Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

CVSS: 4.7 CWE: CWE-357 - Insufficient UI Warning of Dangerous Operations View on NVD
High

CVE-2025-10535

Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-10530

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.

CVSS: 6.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
2025-09-15
Unknown

CVE-2022-50338

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() In commit 720c24192404 ("ANDROID: binder: change down_write to down_read") bi…

CVSS: N/A CWE: N/A View on NVD
High

CVE-2022-50240

In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmap_lock for later use. This…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2025-09-10
High

CVE-2025-10201

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium securit…

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-56466

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information.

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2025-10195

A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to impr…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-09-09
Medium

CVE-2025-5500

A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipula…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-09-05
Medium

CVE-2025-41408

Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbi…

CVSS: 4.3 CWE: CWE-939 - Improper Authorization in Handler for Custom URL Scheme View on NVD
2025-09-04
Medium

CVE-2025-22415

In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User in…

CVSS: 4.0 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2025-48551

In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional exe…

CVSS: 5.0 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
High

CVE-2025-48543

In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional ex…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-26427

In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User int…

CVSS: 4.4 CWE: CWE-24 - Path Traversal: '../filedir' View on NVD
Medium

CVE-2025-26426

In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to lo…

CVSS: 5.1 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-26425

In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of And…

CVSS: 4.0 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2025-36907

In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after…

CVSS: 7.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2025-36904

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2025-36901

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2025-36896

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2025-09-03
Medium

CVE-2025-56139

LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishi…

CVSS: 5.3 CWE: CWE-449 - The UI Performs the Wrong Action View on NVD
Medium

CVE-2025-9867

Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Med…

CVSS: 5.4 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
Medium

CVE-2025-9865

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing…

CVSS: 5.4 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
Medium

CVE-2025-56608

The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getI…

CVSS: 4.2 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Medium

CVE-2025-21041

Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.

CVSS: 6.2 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2025-21035

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2025-21030

Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the backgro…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2023-21482

Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Gal…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2023-21479

Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2023-21470

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2023-21469

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.

CVSS: 4.0 CWE: N/A View on NVD
2025-08-30
Medium

CVE-2025-9695

A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thin…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-08-29
Medium

CVE-2025-9677

A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual.…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-9676

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to i…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-9675

A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing mani…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-9674

A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. Th…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-9673

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kaka…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-9672

A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulat…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-9671

A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation c…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-08-26
Critical

CVE-2025-55443

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external…

CVSS: 9.1 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
Medium

CVE-2025-25736

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb)…

CVSS: 6.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2025-08-22
Medium

CVE-2025-55623

An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).

CVSS: 5.4 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
2025-08-21
Medium

CVE-2025-27213

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.…

CVSS: 4.9 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-08-19
Medium

CVE-2025-9186

Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142.

CVSS: 6.5 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
Medium

CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating sys…

CVSS: 4.3 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
Critical

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141.

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-8041

In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.

CVSS: 5.3 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
Medium

CVE-2025-9135

A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-9134

A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.a…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-08-18
Medium

CVE-2025-9102

A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-9098

A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation leads to imprope…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-9097

A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the c…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-08-17
Medium

CVE-2025-9093

A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation lead…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-08-16
Medium

CVE-2025-38507

In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: avoid bluetooth suspend/resume stalls Ensure we don't stall or panic the kernel when using bluetooth-connected con…

CVSS: 5.5 CWE: N/A View on NVD
2025-08-15
Medium

CVE-2025-43201

This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.

CVSS: 6.2 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-08-14
Medium

CVE-2025-50862

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a…

CVSS: 5.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-50861

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2025-08-13
High

CVE-2025-54809

F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evalu…

CVSS: 7.4 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-08-12
Medium

CVE-2025-49755

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

CVSS: 4.3 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
Medium

CVE-2025-49736

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

CVSS: 4.3 CWE: CWE-449 - The UI Performs the Wrong Action View on NVD
2025-08-09
Medium

CVE-2025-8745

A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-08-08
Medium

CVE-2025-8707

A vulnerability was found in Huuge Box App 1.0.3 on Android. It has been classified as problematic. This affects an unknown part of the file AndroidManifest.xml of the component com.huuge.game.zjbox.…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-08-06
Low

CVE-2025-21024

Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.

CVSS: 3.3 CWE: N/A View on NVD
Low

CVE-2025-21023

Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information.

CVSS: 3.3 CWE: N/A View on NVD
Medium

CVE-2025-21016

Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2025-21014

Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.

CVSS: 4.3 CWE: N/A View on NVD
2025-08-04
Medium

CVE-2025-8524

A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the componen…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-8523

A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-08-03
Medium

CVE-2025-8513

A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.caixin.news.…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-8512

A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the compon…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-07-29
Medium

CVE-2025-2179

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non administrative user to disable the app even if the Gl…

CVSS: 6.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2025-53649

"SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user informat…

CVSS: 5.1 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2025-07-28
Medium

CVE-2025-8275

A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml o…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-8258

A vulnerability, which was classified as problematic, has been found in Cool Mo Maigcal Number App up to 1.0.3 on Android. Affected by this issue is some unknown functionality of the file AndroidMani…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-8257

A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of t…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-07-26
Medium

CVE-2025-8210

A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.y…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-8207

A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-07-22
Low

CVE-2025-52580

Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to…

CVSS: 2.4 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2025-07-21
Medium

CVE-2025-7940

A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-43977

The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via th…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-43976

The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
2025-07-20
Medium

CVE-2025-7893

A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresigh…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-7892

A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-7891

A vulnerability was found in InstantBits Web Video Cast App up to 5.12.4 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-7890

A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2025-7889

A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component call…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-07-17
Low

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetoo…

CVSS: 3.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
Medium

CVE-2025-5346

Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call…

CVSS: 5.1 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2025-07-09
High

CVE-2025-0141

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS a…

CVSS: 8.4 CWE: CWE-426 - Untrusted Search Path View on NVD
Medium

CVE-2025-0140

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the Gl…

CVSS: 6.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2025-07-08
Medium

CVE-2025-21009

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-21008

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-21007

Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2025-21006

Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.

CVSS: 7.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2025-21005

Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.

CVSS: 5.5 CWE: N/A View on NVD
2025-07-01
Medium

CVE-2025-45083

Incorrect access control in Ullu (Android version v2.9.929 and IOS version v2.8.0) allows attackers to bypass parental pin feature via unspecified vectors.

CVSS: 6.1 CWE: CWE-284 - Improper Access Control View on NVD
2025-06-27
Low

CVE-2025-6748

A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipula…

CVSS: 2.1 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2025-06-24
Medium

CVE-2025-52883

Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any o…

CVSS: 5.3 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
High

CVE-2025-52882

Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerabl…

CVSS: 8.8 CWE: CWE-1385 - Missing Origin Validation in WebSockets View on NVD
Medium

CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user…

CVSS: 6.5 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2025-6428

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox…

CVSS: 4.3 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2025-06-20
Medium

CVE-2025-32875

An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforc…

CVSS: 5.7 CWE: CWE-287 - Improper Authentication View on NVD
2025-06-18
Medium

CVE-2022-49976

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS The x86-android-tablets handling for the…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-49947

In the Linux kernel, the following vulnerability has been resolved: binder: fix alloc->vma_vm_mm null-ptr dereference Syzbot reported a couple issues introduced by commit 44e602b4e52f ("binder_allo…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-06-16
Medium

CVE-2025-2091

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making req…

CVSS: 5.4 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2025-06-06
Low

CVE-2025-5715

A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipula…

CVSS: 3.8 CWE: CWE-304 - Missing Critical Step in Authentication View on NVD