Lucene search
K

16 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45571

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00076EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/09 5:27 p.m.4 views

CVE-2025-48639

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.3CVSS6.8AI score0.00089EPSS
Exploits0References1
NVD
NVD
added 2025/12/08 5:16 p.m.8 views

CVE-2025-48639

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.3CVSS0.00089EPSS
Exploits0References3
OSV
OSV
added 2025/12/08 5:16 p.m.7 views

CVE-2025-48589

In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grand permissions across user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00086EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/08 4:57 p.m.3 views

CVE-2025-48639

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

6.4AI score0.00089EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/08 4:57 p.m.18 views

CVE-2025-48639

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

0.00089EPSS
Exploits0References3
CVE
CVE
added 2025/12/08 4:57 p.m.13 views

CVE-2025-48639

CVE-2025-48639 affects the Android Framework, specifically DefaultTransitionHandler.java, where a tapjacking/overlay flaw can unknowingly grant permissions to an app. This enables local elevation of privilege with user interaction required for exploitation. Public references indicate patch levels...

7.3CVSS6.4AI score0.00089EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.4 views

PT-2025-49016

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

6.8CVSS6.8AI score0.00089EPSS
Exploits0References6
OSV
OSV
added 2025/09/02 11:15 p.m.2 views

CVE-2025-22428

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS5.9AI score0.00079EPSS
Exploits0References2
CVE
CVE
added 2025/09/02 10:11 p.m.440 views

CVE-2025-22428

The CVE describes a logic error in AppInfoBase.java hasInteractAcrossUsersFullPermission that could allow granting permissions to a secondary user from the primary user, enabling local privilege escalation without user interaction. Affected component: Android framework/AppInfoBase.java. Impact: l...

7.8CVSS6.3AI score0.00079EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 11:34 p.m.2 views

CVE-2022-20218

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

7.8CVSS6.8AI score0.00113EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/03/04 2:15 p.m.3 views

CVE-2025-1939

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox 136...

3.9CVSS6AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2025/03/04 2:15 p.m.1 views

CVE-2025-1939

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox 136...

3.9CVSS5.8AI score0.00171EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/01/22 5:2 p.m.4 views

CVE-2025-24401

Jenkins Folder-based Authorization Strategy Plugin 217.vd5b18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted typically optional permissions, like Overall/Manage to access functionality they're no longer entitle...

6.8CVSS6.9AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/14 5:21 p.m.23 views

CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

5.7AI score0.00534EPSS
Exploits1References6
OSV
OSV
added 2023/09/27 3:19 p.m.3 views

CVE-2023-44123

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAGMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Bluetooth "com.lge.bluetoothsetting" app. The attacker's app, if it had access to app notifications, could intercept...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References1
Rows per page
Query Builder