Lucene search
K

372 matches found

OSV
OSV
added 2026/03/02 7:16 p.m.5 views

CVE-2025-48582

In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS5.9AI score0.00108EPSS
Exploits0References1
OSV
OSV
added 2026/03/02 7:16 p.m.3 views

CVE-2025-48579

In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS5.9AI score0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 7:16 p.m.7 views

CVE-2025-48578

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS0.00099EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 7:16 p.m.9 views

CVE-2025-48579

In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 7:16 p.m.8 views

CVE-2025-48582

In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/02 6:42 p.m.4 views

EUVD-2025-208204

In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 6:42 p.m.21 views

CVE-2025-48582

CVE-2025-48582 describes a local elevation-of-privilege in Android where media files can be deleted without MANAGE_EXTERNAL_STORAGE due to an intent redirect. The issue affects media-related components (MediaProvider/Media codecs) and can be exploited with local access and no user interaction. Th...

8.4CVSS6.1AI score0.00108EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/02 6:42 p.m.3 views

CVE-2025-48582

In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00108EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/02 6:42 p.m.4 views

CVE-2025-48579

In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/02 6:42 p.m.7 views

EUVD-2025-208203

In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00101EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/02 6:42 p.m.23 views

CVE-2025-48579

In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00101EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 6:42 p.m.24 views

CVE-2025-48579

CVE-2025-48579 involves a local elevation-of-privilege in Android’s MediaProvider.java where a proxy/Confused Deputy behavior could bypass the external storage write permission. The issue can allow a local attacker to gain elevated privileges without additional execution privileges or user intera...

8.4CVSS6.1AI score0.00101EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/02 6:42 p.m.4 views

CVE-2025-48579

In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00101EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/02 6:42 p.m.27 views

CVE-2025-48578

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

0.00099EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 6:42 p.m.22 views

CVE-2025-48578

CVE-2025-48578 is described across multiple sources as an elevation-of-privilege issue in Android’s MediaProvider.java, where a missing permission check could allow bypassing WRITE_EXTERNAL_STORAGE. The documented impact is local privilege escalation with no extra execution privileges required, a...

7.8CVSS6.1AI score0.00099EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.8 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by proxy obfuscation in multiple functions of MediaProvider.java that could potentially bypass the external storage write permission. An...

8.4CVSS5.8AI score0.00101EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/26 3:8 p.m.6 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

8.9CVSS6.6AI score0.02667EPSS
Exploits0References5
Huntr
Huntr
added 2026/02/25 11:32 a.m.15 views

Incomplete Fix for CVE-2026-1669: HDF5 External Storage File Disclosure in Legacy H5 Loading

Description Keras 3 patched CVE-2026-1669 HDF5 External Storage File Disclosure in the new .keras and .weights.h5 loading paths by adding verifydataset to check for dataset.external in H5IOStore. However, the legacy .h5 loading path keras/src/legacy/saving/legacyh5format.py was not patched. This...

7.5CVSS5.9AI score0.00298EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/02/23 5:59 p.m.15 views

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated,...

10CVSS7.2AI score0.99562EPSS
Exploits375
OSV
OSV
added 2026/02/18 10:41 p.m.8 views

GHSA-3M4Q-JMJ6-R34Q Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading

Summary TensorFlow / Keras continues to honor HDF5 “external storage” and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct loadweights to read from an arbitrary readable filesystem path. The bytes pulled from that path...

7.1CVSS6AI score0.00298EPSS
Exploits0References7
Rows per page
Query Builder