CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.5AI score0.00088EPSS

Exploits0References1

NVD•added 2025/09/04 7:15 p.m.•5 views

CVE-2025-48545

7.1CVSS0.00088EPSS

Exploits0References2

Cvelist•added 2025/09/04 6:34 p.m.•8 views

CVE-2025-48545

0.00088EPSS

Exploits0References2

Vulnrichment•added 2025/09/04 6:34 p.m.•1 views

CVE-2025-48545

6AI score0.00088EPSS

Exploits0References2

CVE•added 2025/09/04 6:34 p.m.•38 views

CVE-2025-48545

CVE-2025-48545 affects Android’s AccountManagerService.isSystemUid in AccountManagerService.java, enabling a confused deputy to let an app access privileged APIs. This constitutes local privilege escalation with no additional execution privileges and no user interaction required. Public details i...

7.1CVSS6AI score0.00088EPSS

Exploits0References2Affected Software1

NVD•added 2025/07/31 9:15 a.m.•6 views

CVE-2025-8192

There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Inten...

6.9CVSS0.00087EPSS

Exploits0References1

Gitee•added 2025/07/24 6:27 p.m.•148 views

Exploit for Deserialization of Untrusted Data in Google Android

Exploration of CVE-2024-31317 CVE-2024-31317 provides unpriviledged access to any uid and SELinux scope available to proper Android apps. This provides access to uid 1000 system and uid 2000 shell, and can be triggered entirely from an unpriviledged app, allowing for persistence of any...

7.8CVSS7.2AI score0.00779EPSS

Exploits12

RedhatCVE•added 2025/05/22 9:38 p.m.•4 views

CVE-2021-25393

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data...

6.6CVSS6.7AI score0.00138EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 9:37 p.m.•5 views

CVE-2021-25485

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket...

8CVSS7AI score0.00177EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 7:35 p.m.•9 views

CVE-2022-39857

Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege...

7.3CVSS6.8AI score0.00159EPSS

Exploits0References1

NVD•added 2025/01/21 11:15 p.m.•12 views

CVE-2024-49737

In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

7.8CVSS0.00077EPSS

Exploits0References1

Cvelist•added 2025/01/21 11:4 p.m.•8 views

CVE-2024-49737

0.00077EPSS

Exploits0References1

Vulnrichment•added 2025/01/21 11:4 p.m.•7 views

CVE-2024-49737

7.8AI score0.00077EPSS

Exploits0References1

CNNVD•added 2025/01/21 12:0 a.m.•3 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates in the WindowOrganizerController.java file's applyTaskFragmentOperation function, which contains a logic error that can be exploited by an...

7.8CVSS7.1AI score0.00077EPSS

Exploits0References2

NVD•added 2023/03/16 9:15 p.m.•15 views

CVE-2023-21456

Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid...

9CVSS9.1AI score0.00217EPSS

Exploits0References1