VYPR
Vendor

Actuator

Products
34
CVEs
33
Across products
31
Status
Private

Products

34
View all 34 products →

Recent CVEs

33
View all 33 CVEs →
  • CVE-2023-47883CriDec 27, 2023
    risk 0.64cvss 9.8epss 0.02

    The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.

  • CVE-2024-53932CriJan 6, 2025
    risk 0.59cvss 9.1epss 0.00

    The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the…

  • CVE-2024-53931CriJan 6, 2025
    risk 0.59cvss 9.1epss 0.00

    The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity…

  • CVE-2024-46962CriNov 11, 2024
    risk 0.59cvss 9.1epss 0.00

    The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.

  • CVE-2024-46960HigNov 7, 2024
    risk 0.57cvss 8.8epss 0.00

    The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component.

  • CVE-2024-37573HigOct 30, 2024
    risk 0.55cvss 8.4epss 0.00

    The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.talkatone.vedroid.ui.launcher.OutgoingCallInterceptor component.

  • CVE-2024-23727HigMar 28, 2024
    risk 0.55cvss 8.4epss 0.01

    The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.

  • CVE-2024-37574HigDec 4, 2024
    risk 0.53cvss 8.2epss 0.00

    The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.

  • CVE-2024-46966HigNov 11, 2024
    risk 0.53cvss 8.1epss 0.00

    The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.

  • CVE-2024-46964HigNov 11, 2024
    risk 0.53cvss 8.1epss 0.00

    The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component.

  • CVE-2024-46963HigNov 11, 2024
    risk 0.53cvss 8.1epss 0.00

    The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component.

  • CVE-2024-46961HigNov 7, 2024
    risk 0.53cvss 8.1epss 0.00

    The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component.

  • CVE-2024-42041HigOct 30, 2024
    risk 0.53cvss 8.1epss 0.00

    The com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader) application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component.

  • CVE-2025-68713HigJun 15, 2026
    risk 0.52cvss 8.0epss 0.00

    An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files…

  • CVE-2024-53934HigJan 6, 2025
    risk 0.50cvss 7.7epss 0.00

    The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the…

  • CVE-2024-37575HigDec 4, 2024
    risk 0.49cvss 7.5epss 0.00

    The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity…

  • CVE-2024-36063HigNov 7, 2024
    risk 0.49cvss 7.5epss 0.00

    The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component.

  • CVE-2024-36437MedFeb 3, 2025
    risk 0.42cvss 6.5epss 0.00

    The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.…

  • CVE-2024-53935MedJan 6, 2025
    risk 0.42cvss 6.5epss 0.00

    The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callos14.callscreen.colorphone.Diale…

  • CVE-2023-34761MedJun 28, 2023
    risk 0.42cvss 6.5epss 0.01

    An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.