Lucene search
K

1853 matches found

Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.15 views

CVE-2026-28577

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00067EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.10 views

CVE-2026-28577

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/01 9:14 p.m.32 views

CVE-2026-28577

CVE-2026-28577 corresponds to a tapjacking/overlay flaw in Android’s WindowManagerService.addWindow. The issue could permit local elevation of privilege with no extra execution privileges and without user action. CVSS 3.1 base metrics indicate Local, Low attack complexity and Low privileges requi...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.9 views

CVE-2026-0061

In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00073EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.31 views

CVE-2026-0061

In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00073EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.23 views

CVE-2026-0061

CVE-2026-0061 involves multiple functions of WindowState.java where a tapjacking/overlay condition could trick a user into accepting a permission. The issue allows local privilege escalation with no additional execution privileges and does not require user interaction for exploitation, per the pr...

5.9CVSS5.9AI score0.00073EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.8 views

CVE-2026-0061

In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00073EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.10 views

CVE-2026-0048

In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0048

In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00075EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.29 views

CVE-2026-0046

Technical details are not publicly available in the provided connected documents beyond the general CVE-2026-0046 description (InputInterceptor/Letterbox.java, tapjacking/overlay scenario). Monitor for updates.

6.2CVSS5.9AI score0.00076EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.35 views

CVE-2026-0046

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00076EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.8 views

CVE-2026-0048

In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/01 9:14 p.m.35 views

CVE-2026-0048

Technical details for CVE-2026-0048 are not publicly provided in the supplied documents. The description notes a tapjacking/overlay issue with local privilege escalation, but no concrete affected products, versions, or fixes are disclosed. Monitor for updates.

6.8CVSS5.9AI score0.00075EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.9 views

CVE-2026-0036

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00072EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.7 views

CVE-2026-0036

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00072EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.33 views

CVE-2026-0036

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00072EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.23 views

CVE-2026-0036

CVE-2026-0036 describes a tapjacking vulnerability in StageCoordinator.java that could enable local privilege escalation via a tapjacking/overlay attack without user interaction. The issue allows exploitation with local access and is associated with the Android platform (Android Bulletin context ...

7.8CVSS5.9AI score0.00072EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.13 views

PT-2026-45610

Name of the Vulnerable Software and Affected Versions WindowManagerService affected versions not specified Description A tapjacking issue exists in the addWindow function of WindowManagerService.java, where a tapjacking or overlay attack—a technique where a malicious application overlays a...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References5
OSV
OSV
added 2026/06/01 12:0 a.m.10 views

ASB-A-405392600

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00072EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.9 views

ASB-A-443272513

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2CVSS5.9AI score0.00076EPSS
Exploits0References2
Rows per page
Query Builder