Lucene search
K

241 matches found

CVE
CVE
added 2025/09/04 6:34 p.m.34 views

CVE-2025-48546

CVE-2025-48546 affects SafeActivityOptions.java. The issue arises during checkPermissions, enabling a possible background activity launch due to a logic error. This can lead to local escalation of privilege with no additional execution privileges required, and no user interaction needed for explo...

7.8CVSS6.3AI score0.00086EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/09/04 6:33 p.m.29 views

CVE-2025-26464

CVE-2025-26464 is an elevation-of-privilege issue in Android tied to AppSearchManagerService.java (executeAppFunction). The described logic error could cause a background activity to launch, enabling local privilege escalation without user interaction. Documents consistently refer to this vulnera...

7.8CVSS6.3AI score0.00093EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/09/04 6:33 p.m.8 views

CVE-2025-26464

In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00093EPSS
Exploits0References2
NVD
NVD
added 2025/09/04 6:15 p.m.8 views

CVE-2025-26462

In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00079EPSS
Exploits0References2
OSV
OSV
added 2025/09/04 6:15 p.m.8 views

CVE-2025-26462

In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00079EPSS
Exploits0References2
OSV
OSV
added 2025/09/04 6:15 p.m.4 views

CVE-2025-26458

In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00086EPSS
Exploits0References2
NVD
NVD
added 2025/09/04 6:15 p.m.5 views

CVE-2025-26458

In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00086EPSS
Exploits0References2
NVD
NVD
added 2025/09/04 6:15 p.m.5 views

CVE-2025-26436

In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS0.00083EPSS
Exploits0References3
OSV
OSV
added 2025/09/04 6:15 p.m.5 views

CVE-2025-26436

In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS5.9AI score0.00083EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/04 5:15 p.m.1 views

CVE-2025-26462

In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.3AI score0.00079EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/04 5:15 p.m.7 views

CVE-2025-26462

In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00079EPSS
Exploits0References2
CVE
CVE
added 2025/09/04 5:15 p.m.432 views

CVE-2025-26462

CVE-2025-26462 corresponds to a logic error in AccessibilityServiceConnection.java that can cause a background activity launch and local privilege escalation without user interaction. Multiple trusted sources (NVD, Red Hat, OSV) confirm the Issue, with CVSS v3.1: Local, Low UI, High impact on con...

7.8CVSS6.3AI score0.00079EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/09/04 5:15 p.m.428 views

CVE-2025-26458

CVE-2025-26458 affects Android’s LocationProviderManager.java, where a logic error can trigger a background activity launch, enabling local elevation of privilege with no extra execution privileges or user interaction required. Multiple connected sources corroborate a local-privilege-escapable co...

7.8CVSS6.4AI score0.00086EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/09/04 5:15 p.m.7 views

CVE-2025-26458

In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00086EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/04 5:15 p.m.3 views

CVE-2025-26458

In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.4AI score0.00086EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/04 5:11 p.m.1 views

CVE-2025-26436

In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6.3AI score0.00083EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/04 5:11 p.m.6 views

CVE-2025-26436

In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.00083EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/09/04 5:11 p.m.5 views

CVE-2025-26436

In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS5.7AI score0.00083EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/09/04 5:11 p.m.449 views

CVE-2025-26436

CVE-2025-26436 refers to a BAL bypass in Android’s PendingIntentRecord.clearAllowBgActivityStarts, enabling an application to launch an activity from the background and achieve local elevation of privilege without user interaction. Affected component: Android Framework (PendingIntentRecord.java)....

7.8CVSS6.3AI score0.00083EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.4 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to an unsafe default value in the onNullBinding function in RemoteFillService.java that causes background activity to start. An attacker can exploit th...

7.8CVSS7.1AI score0.00082EPSS
Exploits0References2
Rows per page
Query Builder