VYPR

CWE-926

Improper Export of Android Application Components

VariantIncomplete

Description

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (61)

page 3 of 4
  • CVE-2025-8258MedJul 28, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability, which was classified as problematic, has been found in Cool Mo Maigcal Number App up to 1.0.3 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.sdmagic.number. The manipulation leads to improper…

  • CVE-2025-8257MedJul 28, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.maverick.lobby. The manipulation leads to improper export of…

  • CVE-2025-8210MedJul 26, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application…

  • CVE-2025-8207MedJul 26, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to improper export of android…

  • CVE-2025-7940MedJul 21, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.house.auscat. The manipulation leads to improper…

  • CVE-2025-7893MedJul 20, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of android application…

  • CVE-2025-7892MedJul 20, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation leads to improper export of android application components. Local access is…

  • CVE-2025-7891MedJul 20, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in InstantBits Web Video Cast App up to 5.12.4 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.instantbits.cast.webvideo. The manipulation leads to…

  • CVE-2025-7890MedJul 20, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation leads to improper…

  • CVE-2025-7889MedJul 20, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android…

  • CVE-2025-5346MedJul 17, 2025
    risk 0.33cvss epss 0.00

    Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json" keyword with default barcode…

  • CVE-2023-41821MedMay 3, 2024
    risk 0.33cvss 5.0epss 0.00

    A an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. 

  • CVE-2023-41816MedMay 3, 2024
    risk 0.33cvss 5.0epss 0.00

    An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. 

  • CVE-2023-41829MedMar 4, 2024
    risk 0.33cvss 5.0epss 0.00

    An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.

  • CVE-2023-41827MedMar 4, 2024
    risk 0.33cvss 5.1epss 0.00

    An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI.

  • CVE-2023-41822MedMay 3, 2024
    risk 0.31cvss 4.8epss 0.00

    An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. 

  • CVE-2023-41823MedMay 3, 2024
    risk 0.29cvss 4.4epss 0.00

    An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. 

  • CVE-2024-6051MedSep 30, 2024
    risk 0.28cvss epss 0.00

    Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.

  • CVE-2024-3479LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data.

  • CVE-2024-27086LowApr 16, 2024
    risk 0.18cvss 3.9epss 0.00

    The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application…