23 matches found
EUVD-2026-33804
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2026-0094
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2026-0093
In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0094
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2026-0094
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2026-0096
In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0088
The CVE-2026-0088 affects Android’s CertInstaller.getCallingAppLabel, where a misleading or insufficient UI could allow hiding a sensitive security dialogue. This enables local privilege escalation with no extra privileges and no user interaction required for exploitation, as described across NVD...
CVE-2026-0093
Technical details for CVE-2026-0093 are not publicly available in the provided documents (no affected products, fixes, or exploit info). Monitor for updates from official sources.
PT-2026-45597
In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-473812391
In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-41861
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted on both the...
Authorization Bypass
Signal K Server is vulnerable to Authorization Bypass. The vulnerability is due to misleading access request UI and trust of spoofable X-Forwarded-For headers, allowing attackers to impersonate trusted devices and request elevated permissions that administrators may unknowingly approve...
EUVD-2025-25852
Malicious code in bioql PyPI...
CVE-2025-0092
In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-0092
In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-0092
In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-0092
In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-0092
CVE-2025-0092 : A permission bypass exists in Android’s Bluetooth stack, specifically in handleBondStateChanged of AdapterService.java, caused by a misleading or insufficient UI. This can lead to information disclosure to a proximal attacker without additional execution privileges; exploitation r...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows that stems from a misleading UI when handling .LNK files, which could lead to remote code execution...
CVE-2022-20271
In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...