EUVD-2026-33794

In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0078

CVE-2026-0078 affects Android’s DevicePolicyManagerService (setGlobalProxy). The issue is a desync in persistence caused by improper input validation, enabling local privilege escalation with no extra execution privileges required. Exploitation is described as local and does not require user inte...

CVE-2025-26418

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

ASB-A-475228205

In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48633

In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

EUVD-2020-12646

Malware in sbrugna...

EUVD-2020-12647

Malware in sbrugna...

EUVD-2020-12648

Malware in sbrugna...

EUVD-2020-12650

Malware in sbrugna...

EUVD-2020-12644

Malware in sbrugna...

EUVD-2020-12645

Malware in sbrugna...

EUVD-2015-3878

Malware in sbrugna...

Google Android elevation of privilege vulnerability (CNVD-2025-24497)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by a logic error in the handlePackagesChanged function in DevicePolicyManagerService.java. An attacker can exploit the vulnerability to gain elevate...

CVE-2025-48554

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-48554

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-48553

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22442

In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

Malicious code in ms-policyservice (npm)

The package ms-policyservice was found to contain malicious code...

MAL-2025-26832 Malicious code in ms-policyservice (npm)

The package ms-policyservice was found to contain malicious code...

CVE-2021-0982

In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...