CWE-926
Improper Export of Android Application Components
Variant | Incomplete
Description
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (59)
Page 3 of 3

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-8257 | Med | 0.34 | 5.3 | 0.00 | Jul 28, 2025 | A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.maverick.lobby. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-8210 | Med | 0.34 | 5.3 | 0.00 | Jul 26, 2025 | A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-8207 | Med | 0.34 | 5.3 | 0.00 | Jul 26, 2025 | A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-7940 | Med | 0.34 | 5.3 | 0.00 | Jul 21, 2025 | A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.house.auscat. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-7893 | Med | 0.34 | 5.3 | 0.00 | Jul 20, 2025 | A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-7892 | Med | 0.34 | 5.3 | 0.00 | Jul 20, 2025 | A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-7891 | Med | 0.34 | 5.3 | 0.00 | Jul 20, 2025 | A vulnerability was found in InstantBits Web Video Cast App up to 5.12.4 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.instantbits.cast.webvideo. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-7890 | Med | 0.34 | 5.3 | 0.00 | Jul 20, 2025 | A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-7889 | Med | 0.34 | 5.3 | 0.00 | Jul 20, 2025 | A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-5346 | Med | 0.33 | — | 0.00 | Jul 17, 2025 | Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite a file containing the ".json" keyword with the default barcode config file. It is possible to overwrite a file in any location due to lack of protection against path traversal in the name of the file. This issue affects all versions before 1.3.3. | |
| CVE-2023-41821 | Med | 0.33 | 5.0 | 0.00 | May 3, 2024 | An improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. | |
| CVE-2023-41816 | Med | 0.33 | 5.0 | 0.00 | May 3, 2024 | An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. | |
| CVE-2023-41829 | Med | 0.33 | 5.0 | 0.00 | Mar 4, 2024 | An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization. | |
| CVE-2023-41827 | Med | 0.33 | 5.1 | 0.00 | Mar 4, 2024 | An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI. | |
| CVE-2023-41822 | Med | 0.31 | 4.8 | 0.00 | May 3, 2024 | An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. | |
| CVE-2023-41823 | Med | 0.29 | 4.4 | 0.00 | May 3, 2024 | An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. | |
| CVE-2024-6051 | Med | 0.28 | — | 0.00 | Sep 30, 2024 | Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application. This issue affects Redlink SDK versions through 1.13. | |
| CVE-2024-3479 | Low | 0.18 | 2.8 | 0.00 | May 3, 2024 | An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data. | |
| CVE-2024-27086 | Low | 0.18 | 3.9 | 0.00 | Apr 16, 2024 | The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer Android device can cause local denial of service against applications that were built using MSAL.NET for authentication on the same device (i.e., prevent the user of the legitimate application from logging in) due to incorrect activity export configuration. MSAL.NET version 4.60.1 includes the fix. As a workaround, a developer may explicitly mark the MSAL.NET activity non-exported. |