CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21041
https://notcve.org/view.php?id=CVE-2025-21041
03 Sep 2025 — Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=09 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2025-9695 – GalleryVault Gallery Vault App com.thinkyeah.galleryvault AndroidManifest.xml improper export of android application components
https://notcve.org/view.php?id=CVE-2025-9695
30 Aug 2025 — A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used. • https://github.com/KMov-g/androidapps/blob/main/com.thinkyeah.galleryvault.md • CWE-926: Improper Export of Android Application Components •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2025-9677 – Modo Legend of the Phoenix com.duige.hzw.multilingual AndroidManifest.xml improper export of android application components
https://notcve.org/view.php?id=CVE-2025-9677
29 Aug 2025 — A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. • https://github.com/KMov-g/androidapps/blob/main/com.duige.hzw.multilingual.md • CWE-926: Improper Export of Android Application Components •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2025-9675 – Voice Changer App com.tuyangkeji.changevoice AndroidManifest.xml improper export of android application components
https://notcve.org/view.php?id=CVE-2025-9675
29 Aug 2025 — A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. • https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md • CWE-926: Improper Export of Android Application Components •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2025-9674 – Transbyte Scooper News App com.hatsune.eagleee AndroidManifest.xml improper export of android application components
https://notcve.org/view.php?id=CVE-2025-9674
29 Aug 2025 — A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. • https://github.com/KMov-g/androidapps/blob/main/com.hatsune.eagleee.md • CWE-926: Improper Export of Android Application Components •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-9449
https://notcve.org/view.php?id=CVE-2018-9449
03 Dec 2024 — In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En process_service_search_attr_rsp de sdp_discovery.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar la divulgación de información local sin necesidad de privilegios d... • https://source.android.com/docs/security/bulletin/pixel/2018-08-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-9441
https://notcve.org/view.php?id=CVE-2018-9441
03 Dec 2024 — In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. En sdp_copy_raw_data de sdp_discovery.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría provocar la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://source.android.com/docs/security/bulletin/pixel/2018-08-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2018-9435
https://notcve.org/view.php?id=CVE-2018-9435
02 Dec 2024 — In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En gatt_process_error_rsp de gatt_cl.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://source.android.com/docs/security/bulletin/pixel/2018-08-01 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2018-9430
https://notcve.org/view.php?id=CVE-2018-9430
02 Dec 2024 — In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. En prop2cfg de btif_storage.cc, existe una posible escritura fuera de los límites debido a una comprobación de los límites incorrecta. Esto podría provocar la ejecución remota de código sin necesidad de privilegios de ejecución adicionales. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9426
https://notcve.org/view.php?id=CVE-2018-9426
02 Dec 2024 — In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard. En RsaKeyPairGenerator::getNumberOfIterations de RSAKeyPairGenerator.java, una implementación incorrecta podría provocar... • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-331: Insufficient Entropy •