CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

RedhatCVE•added 2026/01/09 12:29 p.m.•1 views

CVE-2023-40111

In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of systemserver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS6.9AI score0.00026EPSS

Exploits0References1

RedhatCVE•added 2025/12/09 5:27 p.m.•3 views

CVE-2025-48573

In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.8AI score0.00006EPSS

Exploits0References1

EUVD•added 2025/12/08 4:57 p.m.•2 views

EUVD-2025-201775

7.8CVSS6.3AI score0.00006EPSS

Exploits0References3

Vulnrichment•added 2025/12/08 4:57 p.m.•1 views

CVE-2025-48573

6.4AI score0.00006EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-25132

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.0004EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-25453

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00039EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-25448

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00023EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 1:45 a.m.•2 views

CVE-2023-20964

In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7AI score0.0004EPSS

Exploits0References1

CVE•added 2024/02/15 10:31 p.m.•4707 views

CVE-2023-40111

The provided documents only repeat the CVE description (MediaSessionRecord.java, possible local privilege escalation via a confused deputy) with no additional technical details, affected versions, or fixes. Public technical details are not available here; monitor for updates.

7.8CVSS7AI score0.00026EPSS

Exploits0References2Affected Software1

NVD•added 2023/08/14 10:15 p.m.•12 views

CVE-2023-21280

In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.4AI score0.00023EPSS

Exploits0References2

Cvelist•added 2023/08/14 9:6 p.m.•15 views

CVE-2023-21285

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.4AI score0.00039EPSS

Exploits0References2

Vulnrichment•added 2023/08/14 9:6 p.m.•12 views

CVE-2023-21285

6.2AI score0.00039EPSS

Exploits0References2

Vulnrichment•added 2023/08/14 9:4 p.m.•9 views

CVE-2023-21280

6.6AI score0.00023EPSS

Exploits0References2

CVE•added 2023/08/14 9:4 p.m.•121 views

CVE-2023-21280

The CVE-2023-21280 issue affects Android’s MediaSessionRecord.java in setMediaButtonBroadcastReceiver, causing a possible permanent DoS via resource exhaustion. Exploitation requires local access (AV:L, PR:L) with no user interaction, and no additional privileges are needed. The initial entry and...

5.5CVSS5.4AI score0.00023EPSS

Exploits0References2Affected Software1