Lucene search
K

55 matches found

NVD
NVD
added 2026/05/09 11:16 p.m.33 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS0.00094EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/09 10:7 p.m.9 views

EUVD-2026-28944

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/09 10:7 p.m.52 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS0.00094EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/09 10:7 p.m.8 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References3
CVE
CVE
added 2026/05/09 10:7 p.m.21 views

CVE-2026-45182

Summary: CVE-2026-45182 affects GrapheneOS prior to 2026050400. A vulnerability arises from a registerQuicConnectionClosePayload optimization that lets a local attacker infer the real IP address of a VPN user when the device has both “Block connections without VPN” and “Always-on VPN” enabled, by...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/09 10:7 p.m.6 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.10 views

GrapheneOS 安全漏洞

GrapheneOS is a mobile operating system developed by GrapheneOS Inc. Prior versions of GrapheneOS, including 2026050400, contained security vulnerabilities. These vulnerabilities stemmed from the optimization of the registerQuicConnectionClosePayload function, which could allow attackers to...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.16 views

PT-2026-39421

Name of the Vulnerable Software and Affected Versions GrapheneOS versions prior to 2026050400 Description An optimization in the registerQuicConnectionClosePayload function allows attackers to discover the real IP address of a VPN user. This occurs because an application can cause the system serv...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References10
Wired Threat Level
Wired Threat Level
added 2026/04/21 10:0 a.m.8 views

They Built a Legendary Privacy Tool. Now They’re Sworn Enemies

There’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love between the two guys at the center of its history...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.10 views

PT-2026-4688

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00192EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.13 views

PT-2026-4683

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper input validation in multiple locations allows for the unauthorized revelation of images across different users. This issue can lead to local escalation ...

7.8CVSS5.6AI score0.00088EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.5 views

PT-2026-4701

Name of the Vulnerable Software and Affected Versions versions prior to 2026-0021 Description A cross-user permission bypass exists due to a confused deputy condition in the hasInteractAcrossUsersFullPermission function within the AppInfoBase.java file. This could allow for local escalation of...

8.4CVSS6.1AI score0.00098EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.11 views

PT-2026-4707

Name of the Vulnerable Software and Affected Versions ManagedServices affected versions not specified Description An issue exists in the setPackageOrComponentEnabled function of ManagedServices.java related to improper input validation. This can result in a notification policy desync, potentially...

8.4CVSS6.1AI score0.00096EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.8 views

PT-2026-4713

In multiple functions of ubsan throwing runtime.cpp, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00071EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.17 views

PT-2026-4702

Look at the security patch preview section of https://t.co/ySklSke3uy. These are from the upcoming patch levels: Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044 High: CVE-2025-22424, CVE-2025-22426, CVE-2025-32348, CVE-2025-48561, CVE-2025-48615,...

7.8CVSS6.1AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.4 views

PT-2026-4705

Name of the Vulnerable Software and Affected Versions versions prior to 2026-0025 Description A permissions bypass exists in the hasImage function of Notification.java, potentially allowing information disclosure across users. This could lead to local escalation of privilege without requiring...

6.1AI score0.00102EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.10 views

PT-2026-4687

In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00087EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.14 views

PT-2026-4704

In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.2AI score0.00094EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.7 views

PT-2026-4696

In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00094EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.10 views

PT-2026-4692

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00098EPSS
Exploits0References3
Rows per page
Query Builder