CVE-2021-0979

In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges...

EUVD-2025-201741

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48628

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-376462130

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2025-43501

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Framework component of Android operating systems related to insufficient protection of sensitive data. Exploitation may allow an attacker to disclose protected informatio...

EUVD-2025-27042

Malicious code in bioql PyPI...

EUVD-2021-3598

Malicious code in bioql PyPI...

CVE-2025-48529

In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26453

In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48529

The CVE-2025-48529 issue affects VoicemailNotificationSettingsUtil.java, specifically the setRingtoneUri function, causing a cross-user data leak (confused deputy) that can disclose local information without extra privileges. Exploitation requires no user interaction and is local. The connected d...

CVE-2025-26424

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26453

In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26453

In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26453

CVE-2025-26453 concerns a cross-user information disclosure in Android Bluetooth code (BluetoothOppSendFileInfo.java) due to a logic error in isContentUriForOtherUser. The issue enables local information disclosure with no extra execution privileges and does not require user interaction. The prim...

CVE-2025-26424

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26424

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2025-36009

Name of the Vulnerable Software and Affected Versions: VpnManager.java affected versions not specified Description: Multiple functions within VpnManager.java contain a logic error that may result in cross-user data leakage, potentially leading to local information disclosure. Exploitation does no...

PT-2025-36023

Name of the Vulnerable Software and Affected Versions: BluetoothOppSendFileInfo.java affected versions not specified Description: A logic error exists in the isContentUriForOtherUser function within BluetoothOppSendFileInfo.java, potentially leading to a cross-user data leak. This issue could...

CVE-2024-31319

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...

PT-2024-23967 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a possible cross-user data leak due to a confused deputy in the updateNotificationChannelFromPrivilegedListener function of NotificationManagerService.java. This cou...