Lucene search
K

329 matches found

CVE
CVE
added 2026/06/01 9:14 p.m.35 views

CVE-2026-0048

Technical details for CVE-2026-0048 are not publicly provided in the supplied documents. The description notes a tapjacking/overlay issue with local privilege escalation, but no concrete affected products, versions, or fixes are disclosed. Monitor for updates.

6.8CVSS5.9AI score0.00075EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.37 views

CVE-2026-0046

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00076EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.9 views

CVE-2026-0036

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00072EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.7 views

CVE-2026-0036

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00072EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.33 views

CVE-2026-0036

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00072EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.23 views

CVE-2026-0036

CVE-2026-0036 describes a tapjacking vulnerability in StageCoordinator.java that could enable local privilege escalation via a tapjacking/overlay attack without user interaction. The issue allows exploitation with local access and is associated with the Android platform (Android Bulletin context ...

7.8CVSS5.9AI score0.00072EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.13 views

PT-2026-45610

Name of the Vulnerable Software and Affected Versions WindowManagerService affected versions not specified Description A tapjacking issue exists in the addWindow function of WindowManagerService.java, where a tapjacking or overlay attack—a technique where a malicious application overlays a...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References5
OSV
OSV
added 2026/06/01 12:0 a.m.10 views

ASB-A-405392600

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00072EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45580

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description An access control flaw exists within multiple functions of WindowState.java in the Framework component. This issue allows a tapjacking or overlay attack, where a user is tricked into acceptin...

7.2CVSS5.9AI score0.00073EPSS
Exploits0References5
OSV
OSV
added 2026/06/01 12:0 a.m.12 views

ASB-A-463364410

In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.8CVSS5.9AI score0.00075EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.9 views

ASB-A-443272513

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2CVSS5.9AI score0.00076EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 9:32 p.m.12 views

EUVD-2025-209948

AppLockZ App Lock and Fingerprint Lock applock.passwordfingerprint.applockz 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface...

5.8AI score0.00186EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/26 9:32 p.m.10 views

EUVD-2025-209945

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through...

5.8AI score0.0019EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 a.m.8 views

CVE-2025-68710

Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...

5.8AI score0.00179EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Due to a sequence of events controlled by the attacker, a JavaScript alert dialog with arbitrary although unstyled contents could be displayed over an uncontrolled web page of the attacker’s choice. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

4.3CVSS6.3AI score0.01622EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/02 6:42 p.m.4 views

CVE-2026-0007

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.6CVSS6.1AI score0.00094EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/01 12:0 a.m.5 views

ASB-A-433251166

Bulletin has no description...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:18 a.m.6 views

CVE-2021-0446

In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-17225212...

7.3CVSS7.1AI score0.00117EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:17 a.m.7 views

CVE-2021-0569

In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

5CVSS5.5AI score0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:16 a.m.11 views

CVE-2021-0315

In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

7.3CVSS7.1AI score0.00282EPSS
Exploits0References1
Rows per page
Query Builder