CVE-2025-48580

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48580

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48580

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

EUVD-2025-201772

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48580

Technical details about CVE-2025-48580 are not publicly provided in the supplied documents. Monitor for updates from Android bulletin and vendor advisories for complete root-cause, affected products, and fixes.

CVE-2025-48580

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48580

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android, which stems from an issue with a logic error in the MediaBrowser.java file that could lead to background access rights...

EUVD-2021-23842

Malware in sbrugna...

EUVD-2023-25351

Malicious code in bioql PyPI...

CVE-2025-26440

In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21183

In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-31488 Plain Craft Launcher's custom homepage can use Internet Explorer to load web pages with the help of controls such as WebBrowser

Plain Craft Launcher PCL is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE...

Plain Craft Launcher 输入验证错误漏洞

Plain Craft Launcher is an open source software by Hex Dragon. Plain Craft Launcher suffers from an input validation error vulnerability that stems from a malicious homepage that may use IE to access web pages in the background...

CVE-2023-21183

In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-21183

In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

PT-2023-17971 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: A logic error in the ForegroundUtils.java code allows for the potential reading of NFC tag data even when the app is in the background. This issue could lead to local escalation of privilege without...

CVE-2022-20446

In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

ASB-A-229793943

In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-29633

An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie...