Search Results (625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-10716 2 Creality, Google 2 Cloud App, Android 2026-04-15 5.3 Medium
A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-12399 2026-04-15 7.1 High
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication.
CVE-2024-3479 2026-04-15 2.8 Low
An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data.
CVE-2024-25655 2026-04-15 6.5 Medium
Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP.
CVE-2025-24843 2026-04-15 5.1 Medium
Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.
CVE-2025-10721 2 Google, Webull 2 Android, Investing & Trading App 2026-04-15 5.3 Medium
A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-41817 2026-04-15 2.8 Low
An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information.
CVE-2023-41821 2026-04-15 5 Medium
A an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. 
CVE-2024-56969 2026-04-15 6.5 Medium
An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56972 2026-04-15 6.5 Medium
An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2023-41828 2026-04-15 4.4 Medium
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.  
CVE-2023-47165 2026-04-15 6 Medium
Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local access.
CVE-2025-8275 2 Bsc, Google 2 Peru Cocktails App, Android 2026-04-15 5.3 Medium
A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2023-41816 2026-04-15 5 Medium
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. 
CVE-2024-36437 2026-04-15 6.5 Medium
The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.
CVE-2025-33176 1 Nvidia 1 Runai 2026-04-15 6.2 Medium
NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.
CVE-2025-9097 2026-04-15 5.3 Medium
A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3480 2026-04-15 2.8 Low
An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data.
CVE-2024-10943 1 Rockwellautomation 1 Factorytalk Updater 2026-04-15 9.1 Critical
An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.
CVE-2025-8513 1 Caixin 1 News App 2026-04-15 5.3 Medium
A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.caixin.news. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.