CVE-2025-48598

In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-26586

Malicious code in bioql PyPI...

EUVD-2025-27039

Malicious code in bioql PyPI...

CVE-2025-22428

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2025-32345

The CVE-2025-32345 issue affects Android’s ContentProtectionTogglePreferenceController.java (updateState), where a logic error allows a secondary user to disable the primary user’s deceptive app scanning setting. This enables local privilege escalation with no additional privileges or user intera...

CVE-2025-26435

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the updateState function in ContentProtectionTogglePreferenceController.java, which can be exploited by an attacker to elevate...

CVE-2025-22428

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2025-22428

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2025-22428

The CVE describes a logic error in AppInfoBase.java hasInteractAcrossUsersFullPermission that could allow granting permissions to a secondary user from the primary user, enabling local privilege escalation without user interaction. Affected component: Android framework/AppInfoBase.java. Impact: l...

CVE-2024-7205

CVE-2024-7205 affects eWeLink Cloud Service, specifically the homepage module prior to version 2.19.0. When a device is shared, a secondary user can take over control as the primary user by disclosed unnecessary device-sensitive information. The CVSS data in the initial document indicates high im...

CVE-2016-3760

Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683...