329 matches found
CVE-2026-0048
Technical details for CVE-2026-0048 are not publicly provided in the supplied documents. The description notes a tapjacking/overlay issue with local privilege escalation, but no concrete affected products, versions, or fixes are disclosed. Monitor for updates.
CVE-2026-0046
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0036
In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0036
In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0036
In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0036
CVE-2026-0036 describes a tapjacking vulnerability in StageCoordinator.java that could enable local privilege escalation via a tapjacking/overlay attack without user interaction. The issue allows exploitation with local access and is associated with the Android platform (Android Bulletin context ...
PT-2026-45610
Name of the Vulnerable Software and Affected Versions WindowManagerService affected versions not specified Description A tapjacking issue exists in the addWindow function of WindowManagerService.java, where a tapjacking or overlay attack—a technique where a malicious application overlays a...
ASB-A-405392600
In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45580
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description An access control flaw exists within multiple functions of WindowState.java in the Framework component. This issue allows a tapjacking or overlay attack, where a user is tricked into acceptin...
ASB-A-463364410
In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-443272513
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-209948
AppLockZ App Lock and Fingerprint Lock applock.passwordfingerprint.applockz 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface...
EUVD-2025-209945
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through...
CVE-2025-68710
Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...
Astra Linux – Vulnerability in Firefox and Thunderbird
Due to a sequence of events controlled by the attacker, a JavaScript alert dialog with arbitrary although unstyled contents could be displayed over an uncontrolled web page of the attacker’s choice. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
CVE-2026-0007
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-433251166
Bulletin has no description...
CVE-2021-0446
In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-17225212...
CVE-2021-0569
In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:...
CVE-2021-0315
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...