Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
android api vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-16168
Origin Validation Error in temi Robox OS before 120, temi Android app up to 1.3.7931 allows remote malicious users to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors.
Robotemi Temi Firmware
8.1
CVSSv3
CVE-2020-5604
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
Mercari Mercari
7.5
CVSSv3
CVE-2020-15579
An issue exists on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020).
Google Android 8.0
Google Android 8.1
Google Android 9.0
Google Android 10.0
5.9
CVSSv3
CVE-2019-16252
Missing SSL Certificate Validation in the Nutfind.com application up to and including 3.9.12 for Android allows a man-in-the-middle malicious user to sniff and manipulate all API requests, including login credentials and location data.
Nutfind Nutfind
7.5
CVSSv3
CVE-2016-11058
The NETGEAR genie application prior to 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs.
Netgear Genie
5.3
CVSSv3
CVE-2017-18658
An issue exists on Samsung mobile devices with M(6.0) software. The multiwindow_facade API allows malicious users to cause a NullPointerException and system halt via an attempted screen touch of a non-existing display. The Samsung ID is SVE-2017-9383 (August 2017).
Google Android 6.0
7.5
CVSSv3
CVE-2017-18669
An issue exists on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017).
Google Android 7.0
Google Android 7.1.0
Google Android 7.1.1
Google Android 7.1.2
7.5
CVSSv3
CVE-2017-18679
An issue exists on Samsung mobile devices with M(6.0) software. SLocation can cause a system crash via a call to an API that is not implemented. The Samsung ID is SVE-2017-8285 (April 2017).
Google Android 6.0
4.3
CVSSv3
CVE-2019-5634
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile applic...
Belwith-keeler Hickory Smart
8.3
CVSSv3
CVE-2019-9811
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird <...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Debian Debian Linux 8.0
Novell Suse Package Hub For Suse Linux Enterprise 12
Opensuse Leap 15.0
Opensuse Leap 15.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »