CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

106 matches found

CVE-2026-0082

In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00165EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:15 a.m.•7 views

CVE-2019-2120

In OatFileAssistant::GenerateOatFile of oatfileassistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.8CVSS7.4AI score0.00173EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:36 a.m.•5 views

CVE-2024-34734

In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS7.1AI score0.00086EPSS

Exploits0References1

RedhatCVE•added 2025/12/09 5:27 p.m.•2 views

CVE-2025-48629

In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.8AI score0.00072EPSS

Exploits0References1

NVD•added 2025/12/08 5:16 p.m.•21 views

CVE-2025-48629

7.8CVSS0.00072EPSS

Exploits0References1

Cvelist•added 2025/12/08 4:57 p.m.•20 views

CVE-2025-48629

0.00072EPSS

Exploits0References1

Vulnrichment•added 2025/12/08 4:57 p.m.•1 views

CVE-2025-48629

6.4AI score0.00072EPSS

Exploits0References1

CVE•added 2025/12/08 4:57 p.m.•16 views

CVE-2025-48629

CVE-2025-48629 affects the Android framework component in which the insecure default for the default speech recognizer app can be exploited via the VoiceInteractionManagerService.findAvailRecognizer. The root cause is an insecure default value in this method, enabling local privilege escalation w...

7.8CVSS6.4AI score0.00072EPSS

Exploits0References1Affected Software1

OSV•added 2025/12/01 12:0 a.m.•8 views

ASB-A-352518318

7.8CVSS6.7AI score0.00072EPSS

Exploits0References1

RedhatCVE•added 2025/11/05 6:54 a.m.•12 views

CVE-2025-20730

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141...

6.7CVSS6.7AI score0.00068EPSS

Exploits0References1

NVD•added 2025/11/04 7:15 a.m.•10 views

CVE-2025-20730

6.7CVSS0.00068EPSS

Exploits0References1

CVE•added 2025/11/04 6:19 a.m.•15 views

CVE-2025-20730

CVE-2025-20730 concerns MediaTek’s MediaTek ALPS preloader with an insecure default value that can enable local elevation of privilege. The vulnerability allows a scenario where a user with System privileges could escalate further without user interaction. The CVE is documented across multiple fe...

6.7CVSS6.3AI score0.00068EPSS

Exploits0References1Affected Software4

Vulnrichment•added 2025/11/04 6:19 a.m.•3 views

CVE-2025-20730

6.3AI score0.00068EPSS

Exploits0References1