
26 matches found

Vulnrichment
added 2026/04/21 9:33 p.m. | 0 views

CVE-2026-6830 Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

CVSS 4.8 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 5

RedhatCVE
added 2025/12/09 5:27 p.m. | 3 views

CVE-2025-48565

In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.9 | EPSS 0.00022
Exploits: 0 | References: 1

EUVD
added 2025/12/08 6:30 p.m. | 3 views

EUVD-2025-201780

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.7 | EPSS 0.00006
Exploits: 0 | References: 3

EUVD
added 2025/12/08 6:30 p.m. | 3 views

EUVD-2025-201788

In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.3 | EPSS 0.00006
Exploits: 0 | References: 3

NVD
added 2025/12/08 5:16 p.m. | 2 views

CVE-2025-48565

In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | EPSS 0.00022
Exploits: 0 | References: 4

OSV
added 2025/12/08 5:16 p.m. | 1 views

CVE-2025-48555

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9
Exploits: 0 | References: 2

CVE
added 2025/12/08 4:57 p.m. | 12 views

CVE-2025-48555

The CVE-2025-48555 entry concerns a vulnerability in the Android code path involving NotificationStation.java, where cross-profile information disclosure can occur due to a confused deputy. The impact is local privilege escalation without requiring additional execution privileges or user interact...

CVSS 7.8 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/12/08 4:56 p.m. | 11 views

CVE-2025-22420

CVE-2025-22420 is a local elevation-of-privilege vulnerability in the Android Framework that could allow leaking audio files across user profiles due to a confused deputy. Exploitation is described as requiring no user interaction and being locally executable. The Android security bulletin and Re...

CVSS 7.8 | AI score 6.4 | EPSS 0.00006
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-26824

Malicious code in bioql PyPI...

CVSS 4 | AI score 6.5 | EPSS 0.00009
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/06 7:31 p.m. | 9 views

CVE-2025-48541

In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.9 | EPSS 0.00011
Exploits: 0 | References: 1

OSV
added 2025/09/04 7:15 p.m. | 2 views

CVE-2025-48541

In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 2

OSV
added 2025/09/04 7:15 p.m. | 1 views

CVE-2025-48526

In createMultiProfilePagerAdapter of ChooserActivity.java, there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

CVSS 4 | AI score 5.9 | EPSS 0.00009
Exploits: 0 | References: 2

Cvelist
added 2025/09/04 6:34 p.m. | 3 views

CVE-2025-48526

In createMultiProfilePagerAdapter of ChooserActivity.java, there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

EPSS 0.00009
Exploits: 0 | References: 2

CVE
added 2025/09/04 6:34 p.m. | 25 views

CVE-2025-48526

CVE-2025-48526 affects ChooserActivity.java in Android’s Chooser component, where createMultiProfilePagerAdapter allows launching into another user profile due to improper input validation. The risk is local elevation of privilege with no required user interaction, and exploitation is local (...

CVSS 4 | AI score 6.3 | EPSS 0.00009
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/09/03 6:15 a.m. | 1 views

CVE-2025-21037

Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability...

CVSS 4.3 | EPSS 0.00026
Exploits: 0 | References: 1

CVE
added 2025/09/03 6:5 a.m. | 14 views

CVE-2025-21037

CVE-2025-21037 affects Samsung Notes before version 4.4.30.63. The issue is improper access control that can allow data access across multiple user profiles when physical access occurs and user interaction is required to trigger the flaw. Reported impact centers on confidentiality (data disclosur...

CVSS 4.3 | AI score 6 | EPSS 0.00026
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/09/02 11:15 p.m. | 4 views

CVE-2025-22433

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVSS 7.8 | EPSS 0.00031
Exploits: 0 | References: 3

CVE
added 2025/09/02 10:11 p.m. | 431 views

CVE-2025-22433

CVE-2025-22433 affects Android Framework: a logic error in canForward() of IntentForwarderActivity.java may bypass the cross-profile intent filter used in Work Profiles, enabling local privilege escalation without extra privileges or user interaction. Documents cite affected component and impact;...

CVSS 7.8 | AI score 6.2 | EPSS 0.00031
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/09/02 10:11 p.m. | 5 views

CVE-2025-22433

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

EPSS 0.00031
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/02 10:11 p.m. | 4 views

CVE-2025-22433

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

AI score 6.2 | EPSS 0.00031
Exploits: 0 | References: 3