Edward Warren

72 exploits Active since Jun 2023
CVE-2023-46447 NOMISEC MEDIUM WRITEUP
POPS! Rebel 5.0 - Cleartext Transmission of Sensitive Information via BLE
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
1 stars
CVSS 4.3
CVE-2025-68713 WRITEUP HIGH WRITEUP
Rakuten Send Anywhere for Android 23.2.9 - Unauthenticated Arbitrary File Download and Code Execution
An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.
CVSS 8.0
CVE-2025-68712 WRITEUP MEDIUM WRITEUP
SpSoft AppLock 7.9.40 - Authentication Bypass via Insecure Interface Navigation
SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce authentication. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can exit the lock interface without re-authentication and access protected apps (e.g., Chrome). This results in information disclosure and privilege escalation.
CVSS 5.5
CVE-2025-68708 WRITEUP LOW WRITEUP
SailingLab AppLock 4.3.8 - Unauthenticated PIN Lock Bypass via Insecure Intent Navigation
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can evade lockscreen verification and access protected apps (e.g., Chrome). This results in information disclosure and privilege escalation.
CVSS 2.4
CVE-2025-68709 WRITEUP MEDIUM WRITEUP
SailingLab AppLock 4.3.8 - Arbitrary JavaScript Execution via BrowserMainActivity
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege escalation.
CVSS 5.2
CVE-2025-68710 WRITEUP LOW WRITEUP
Easyelife App lock 1.9.2 - Unauthenticated PIN Lock Bypass via Insecure Navigation Flows
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can evade lockscreen verification and access protected apps (e.g., Chrome), resulting in information disclosure and privilege escalation.
CVSS 2.4
CVE-2025-68711 WRITEUP LOW WRITEUP
AppLockZ App Lock and Fingerprint Lock 4.2.11 - Unauthenticated PIN Lock Bypass via Insecure Navigation
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can evade lockscreen verification and access protected apps (e.g., Chrome). This results in information disclosure and privilege escalation.
CVSS 2.4
CVE-2024-25731 WRITEUP HIGH WRITEUP
Elink Smart eSmartCam 2.1.5 - Use of Hard-coded AES Encryption Keys
The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi).
CVSS 7.5
CVE-2024-31974 WRITEUP MEDIUM WRITEUP
Solarized FireDown Browser & Downloader 1.0.76 - XSS
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).
CVSS 6.3
CVE-2024-36437 WRITEUP MEDIUM WRITEUP
TextNow <24.17.0.2 - Code Injection
The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.
CVSS 6.5
CVE-2024-37574 WRITEUP HIGH WRITEUP
GriceMobile <4.5.2 - Code Injection
The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.
CVSS 8.2
CVE-2024-37575 WRITEUP HIGH WRITEUP
Mister org.mistergroup.shouldianswer 1.4.264 - Unauthenticated Phone Call Placement via DefaultDialerActivity Intent
The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component.
CVSS 7.5
CVE-2024-53933 WRITEUP MEDIUM WRITEUP
Color Call Theme & Call Screen <1.0.7 - RCE
The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.android.call.color.app.activities.DialerActivity component.
CVSS 6.3
CVE-2024-53934 WRITEUP HIGH WRITEUP
Color Phone Call Screen Themes <1.1.2 - RCE
The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component.
CVSS 7.7
CVE-2024-53935 WRITEUP MEDIUM WRITEUP
com.callos14.callscreen.colorphone <4.3 - Code Injection
The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callos14.callscreen.colorphone.DialerActivity component.
CVSS 6.5
CVE-2024-53936 WRITEUP MEDIUM WRITEUP
Color Phone Call Screen App <24 - RCE
The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.asianmobile.callcolor.ui.component.call.CallActivity component.
CVSS 6.3
CVE-2025-43976 WRITEUP MEDIUM WRITEUP
2ndline through 24.17.1.0 - Unauthenticated Phone Call Placement via Crafted Intent
The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.
CVSS 5.5
CVE-2025-43977 WRITEUP MEDIUM WRITEUP
com.skt.prod.dialer through 12.5.0 - Unauthenticated Phone Call Placement via OutgoingCallInternalBroadcaster Intent
The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component.
CVSS 5.5
CVE-2025-68718 WRITEUP MEDIUM WRITEUP
KAYSUS KS-WR1200 - Privilege Escalation
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password. (Changing the management GUI password does not affect SSH/TELNET authentication.) Any LAN-adjacent attacker can trivially log in with root privileges.
CVSS 5.4
CVE-2025-68719 WRITEUP HIGH WRITEUP
KAYSUS KS-WR3600 <1.0.5.9.1 - Info Disclosure
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device.
CVSS 8.8