Actuator

All CVEs

33 total · sorted by risk
  • CVE-2023-47883 · Critical · Dec 27, 2023
    risk 0.64 · cvss 9.8 · epss 0.02

    The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.

  • CVE-2024-53932 · Critical · Jan 6, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the…

  • CVE-2024-53931 · Critical · Jan 6, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity…

  • CVE-2024-46962 · Critical · Nov 11, 2024
    risk 0.59 · cvss 9.1 · epss 0.00

    The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.

  • CVE-2024-46960 · High · Nov 7, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component.

  • CVE-2024-37573 · High · Oct 30, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.talkatone.vedroid.ui.launcher.OutgoingCallInterceptor component.

  • CVE-2024-23727 · High · Mar 28, 2024
    risk 0.55 · cvss 8.4 · epss 0.01

    The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.

  • CVE-2024-37574 · High · Dec 4, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.

  • CVE-2024-46966 · High · Nov 11, 2024
    risk 0.53 · cvss 8.1 · epss 0.00

    The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.

  • CVE-2024-46964 · High · Nov 11, 2024
    risk 0.53 · cvss 8.1 · epss 0.00

    The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component.

  • CVE-2024-46963 · High · Nov 11, 2024
    risk 0.53 · cvss 8.1 · epss 0.00

    The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component.

  • CVE-2024-46961 · High · Nov 7, 2024
    risk 0.53 · cvss 8.1 · epss 0.00

    The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component.

  • CVE-2024-42041 · High · Oct 30, 2024
    risk 0.53 · cvss 8.1 · epss 0.00

    The com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader) application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component.

  • CVE-2025-68713 · High · Jun 15, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files…

  • CVE-2024-53934 · High · Jan 6, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the…

  • CVE-2024-37575 · High · Dec 4, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity…

  • CVE-2024-36063 · High · Nov 7, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component.

  • CVE-2024-36437 · Medium · Feb 3, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.…

  • CVE-2024-53935 · Medium · Jan 6, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callos14.callscreen.colorphone.Diale…

  • CVE-2023-34761 · Medium · Jun 28, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.

  • CVE-2024-53936 · Medium · Jan 6, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.asianmobile.callcolor.ui.component.call.CallActiv…

  • CVE-2024-53933 · Medium · Jan 6, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the…

  • CVE-2024-31974 · Medium · May 17, 2024
    risk 0.41 · cvss 6.3 · epss 0.01

    The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and…

  • CVE-2024-36064 · Medium · Nov 7, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.nll.cb.dialer.dialer.DialerActivity…

  • CVE-2025-68712 · Medium · May 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to…

  • CVE-2024-46965 · Medium · Nov 11, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component.

  • CVE-2026-12190 · Medium · Jun 14, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a…

  • CVE-2025-68709 · Medium · May 26, 2026
    risk 0.34 · cvss 5.2 · epss 0.00

    SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI…

  • CVE-2023-46918 · Medium · Dec 27, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device.

  • CVE-2026-11411 · Medium · Jun 6, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _display_name results in path traversal. The attack requires a local approach. The…

  • CVE-2024-36062 · Medium · Nov 7, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCall…

  • CVE-2023-42469 · Low · Sep 13, 2023
    risk 0.21 · cvss 3.3 · epss 0.00

    The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity…

  • CVE-2025-68710 · Low · May 26, 2026
    risk 0.16 · cvss 2.4 · epss 0.00

    Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating…