CWE-926
Improper Export of Android Application Components
Description
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (61)
page 1 of 4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-5344 | Hig | 0.55 | — | 0.00 | Jul 17, 2025 | Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. … | ||
| CVE-2024-13917 | Hig | 0.54 | — | 0.00 | May 30, 2025 | An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no… | ||
| CVE-2025-68713 | Hig | 0.52 | 8.0 | 0.00 | Jun 15, 2026 | An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files… | ||
| CVE-2024-13916 | Med | 0.45 | — | 0.00 | May 30, 2025 | An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's… | ||
| CVE-2024-13915 | Med | 0.45 | — | 0.00 | May 30, 2025 | Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a… | ||
| CVE-2024-36437 | Med | 0.42 | 6.5 | 0.00 | Feb 3, 2025 | The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.… | ||
| CVE-2025-5345 | — | Med | 0.41 | — | 0.00 | Jul 17, 2025 | Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's… | |
| CVE-2026-44279 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to improper access control via | ||
| CVE-2026-3291 | Med | 0.36 | 5.5 | 0.00 | May 6, 2026 | Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities. | ||
| CVE-2025-27599 | Med | 0.35 | 6.5 | 0.00 | Apr 18, 2025 | Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and… | ||
| CVE-2025-14517 | Med | 0.34 | 5.3 | 0.00 | Dec 11, 2025 | A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been… | ||
| CVE-2025-10722 | Med | 0.34 | 5.3 | 0.00 | Sep 19, 2025 | A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results in improper export of android application components. The attack must be… | ||
| CVE-2025-10721 | Med | 0.34 | 5.3 | 0.00 | Sep 19, 2025 | A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The attack can only be executed locally.… | ||
| CVE-2025-10718 | Med | 0.34 | 5.3 | 0.00 | Sep 19, 2025 | A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of android application components. The attack needs to be approached locally. The… | ||
| CVE-2025-10717 | Med | 0.34 | 5.3 | 0.00 | Sep 19, 2025 | A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.camscanner. The manipulation leads to improper export of android application… | ||
| CVE-2025-10716 | Med | 0.34 | 5.3 | 0.00 | Sep 19, 2025 | A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of android application… | ||
| CVE-2025-10715 | Med | 0.34 | 5.3 | 0.00 | Sep 19, 2025 | A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.ape_edication. The manipulation results in improper export of android application… | ||
| CVE-2025-10195 | — | Med | 0.34 | 5.3 | 0.00 | Sep 10, 2025 | A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to improper export of android application components. An attack has to be approached… | |
| CVE-2025-5500 | Med | 0.34 | 5.3 | 0.00 | Sep 9, 2025 | A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application components. The attack… | ||
| CVE-2025-9695 | Med | 0.34 | 5.3 | 0.00 | Aug 30, 2025 | A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android… |
- risk 0.55cvss —epss 0.00
Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. …
- risk 0.54cvss —epss 0.00
An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no…
- risk 0.52cvss 8.0epss 0.00
An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files…
- risk 0.45cvss —epss 0.00
An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's…
- risk 0.45cvss —epss 0.00
Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a…
- risk 0.42cvss 6.5epss 0.00
The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.…
- risk 0.41cvss —epss 0.00
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's…
- risk 0.36cvss 5.5epss 0.00
A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to improper access control via
- risk 0.36cvss 5.5epss 0.00
Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.
- risk 0.35cvss 6.5epss 0.00
Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and…
- risk 0.34cvss 5.3epss 0.00
A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been…
- risk 0.34cvss 5.3epss 0.00
A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results in improper export of android application components. The attack must be…
- risk 0.34cvss 5.3epss 0.00
A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The attack can only be executed locally.…
- risk 0.34cvss 5.3epss 0.00
A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of android application components. The attack needs to be approached locally. The…
- risk 0.34cvss 5.3epss 0.00
A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.camscanner. The manipulation leads to improper export of android application…
- risk 0.34cvss 5.3epss 0.00
A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of android application…
- risk 0.34cvss 5.3epss 0.00
A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.ape_edication. The manipulation results in improper export of android application…
- risk 0.34cvss 5.3epss 0.00
A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to improper export of android application components. An attack has to be approached…
- risk 0.34cvss 5.3epss 0.00
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application components. The attack…
- risk 0.34cvss 5.3epss 0.00
A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android…