11 matches found
CVE-2025-48570
In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2024-29224
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed...
PT-2026-22687
Name of the Vulnerable Software and Affected Versions: Versions prior to the fix for CVE-2024-31328 Description: A logic error exists in the broadcastIntentLockedTraced function within BroadcastController.java that may allow for the launching of arbitrary activities from the background on a paired...
CVE-2025-22437
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22437
CVE-2025-22437 is tied to a logic error in Android’s setMediaButtonReceiver across multiple files, enabling a background process to launch arbitrary activities and cause local privilege escalation without extra execution privileges or user interaction. The vulnerability is categorized as Elevatio...
CVE-2025-22437
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-42531
CVE-2023-42531 concerns an improper access control in the SmsController prior to SMR Nov-2023 Release1. The vulnerability allows local attackers to bypass restrictions on starting activities from the background. Affected component: SmsController (Samsung Mobile/Samsung SMR release lineage). Root ...
PT-2023-27283 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a logic error in the code of CallRedirectionProcessor.java, specifically in the onBindingDied method. This error can lead to a permission bypass, resulting in...
ASB-A-205130886
In createPresentationContext of Presentation.java, there is a possible way to start a foreground activity from background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Code injection
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is...
Design/Logic Flaw
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users' sessions, preventing a user session...