CWE-926
26 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-926page 1 of 1
- CVE-2021-25379MEDIUMCVSS 4.0EG 4.02021-04-09
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.
- CVE-2021-25388HIGHCVSS 7.1EG 7.12021-06-11
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.
- CVE-2021-25390MEDIUMCVSS 4.0EG 4.02021-06-11
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
- CVE-2021-25391MEDIUMCVSS 4.0EG 4.02021-06-11
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
- CVE-2021-25397MEDIUMCVSS 6.8EG 5.52021-06-11
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
- CVE-2021-25400HIGHCVSS 7.8EG 7.82021-06-11
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.
- CVE-2021-25526MEDIUMCVSS 4.0EG 5.52021-12-08
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.
- CVE-2021-25527LOWCVSS 3.8EG 3.32021-12-08
Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.
- CVE-2021-4438MEDIUMCVSS 5.3EG 5.32024-04-07
A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/r…
- CVE-2022-24929MEDIUMCVSS 4.1EG 3.32022-03-10
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.
- CVE-2023-20962MEDIUMCVSS 5.5EG 5.52023-03-24
In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional executi…
- CVE-2023-21485MEDIUMCVSS 5.3EG 5.32023-05-04
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
- CVE-2023-21486MEDIUMCVSS 5.3EG 5.32023-05-04
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
- CVE-2023-30718MEDIUMCVSS 4.0EG 4.02023-09-06
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
- CVE-2023-41816MEDIUMCVSS 5.0EG 5.02024-05-03
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database.
- CVE-2023-41821MEDIUMCVSS 5.0EG 5.02024-05-03
A an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information.
- CVE-2023-41822MEDIUMCVSS 4.8EG 4.82024-05-03
An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands.
- CVE-2023-41823MEDIUMCVSS 4.4EG 4.42024-05-03
An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities.
- CVE-2023-41827MEDIUMCVSS 5.1EG 5.12024-03-04
An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI.
- CVE-2023-41829MEDIUMCVSS 5.0EG 5.02024-03-04
An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.
- CVE-2023-41960HIGHCVSS 7.1EG 7.12023-10-25
The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application i…
- CVE-2023-44121MEDIUMCVSS 5.0EG 5.02023-09-27
The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device…
- CVE-2023-44129LOWCVSS 3.6EG 3.62023-09-27
The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this …
- CVE-2024-27086LOWCVSS 3.9EG 3.92024-04-16
The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity v…
- CVE-2024-3479LOWCVSS 2.8EG 2.82024-05-03
An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data.
- CVE-2024-6051MEDIUMCVSS 4.3EG 0.02024-09-30
Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.
Map vulnerabilities like CWE-926 to your infrastructure
EchelonGraph correlates every CVE — across CWE-926 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →