9907 matches found
CVE-2026-0047
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-9231
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0013
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0013
CVE-2026-0013 affects the DocumentsUI path in Android (Documents UI, DocumentsUI/Picker flow via PickActivity.setupLayout). The vulnerability allows a confused deputy to start any activity from within a DocumentsUI app, enabling local privilege elevation without extra execution privileges or user...
CVE-2025-48646
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
EUVD-2025-208220
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-48635
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-208214
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48635
CVE-2025-48635 affects Google Android, with a logic error in multiple paths of TaskFragmentOrganizerController.java that leaks an activity token. The vulnerability can enable local elevation of privilege without additional execution privileges and without user interaction. The issue is described ...
CERTFR-2026-ACT-009
creationtimestamp | type | source
---|---|---
2026-03-02 13:19:47+00:00 | seen | https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mg3dsgycpw2o
2026-03-02 13:38:14+00:00 | seen | https://bsky.app/profile/cert-fr.bsky.social/post/3mg3etgtvxl2m
2026-03-02 13:38:16+00:00 | seen | ...
Malicious code in ng-vzbootstrap (npm)
Source: amazon-inspector da191c637225627fd72d8ac07b5358e97dad12fa37eb8cd67aaff06686d5fbd6 The package ng-vzbootstrap was found to contain malicious code. Source: ghsa-malware 8e3edec659665a66e3b038b43eef43aa20405b14a4b4d47323636a8e3ae352aa...
Malicious code in dc-web-app (npm)
Source: amazon-inspector 3b4a9ee6e67e1a649fe34c92b180cb1de89af4ac592d918fd7806dcc7aeccb53 The package dc-web-app was found to contain malicious code. Source: ghsa-malware eb1d0c37e10d0f166990673f475cf3b1686c9f8b8ffd25199d48e3ddc45edb85 Any...
PT-2026-22504
Name of the Vulnerable Software and Affected Versions: MaxSite CMS versions up to 109.1. Description: A code injection issue exists in MaxSite CMS due to a flaw in the eval function within the file application/maxsite/admin/plugins/editor markitup/preview-ajax.php of the MarkItUp Preview AJAX Endpoi...
PT-2026-22683
Name of the Vulnerable Software and Affected Versions: ActivityManagerService, affected versions not specified. Description: A flaw exists in the dumpBitmapsProto function within ActivityManagerService.java that may allow an application to access private information because of a missing permission...
ASB-A-447135012
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-465136263
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-457742426
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...