CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.5AI score0.00003EPSS

Exploits0References1

NVD•added 2025/09/04 7:15 p.m.•4 views

CVE-2025-48545

7.1CVSS0.00003EPSS

Exploits0References2

CVE•added 2025/09/04 6:34 p.m.•24 views

CVE-2025-48545

The CVE-2025-48545 entry relates to AccountManagerService.java (isSystemUid) in Android, where a confused deputy could allow an app to access privileged APIs. This could lead to local privilege escalation without additional execution privileges and without user interaction. The Android security b...

7.1CVSS6AI score0.00003EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/09/04 6:34 p.m.•1 views

CVE-2025-48545

6AI score0.00003EPSS

Exploits0References2

Cvelist•added 2025/09/04 6:34 p.m.•6 views

CVE-2025-48545

0.00003EPSS

Exploits0References2

NVD•added 2025/07/31 9:15 a.m.•4 views

CVE-2025-8192

There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Inten...

6.9CVSS0.0005EPSS

Exploits0References1

Gitee•added 2025/07/24 6:27 p.m.•131 views

Exploit for Deserialization of Untrusted Data in Google Android

Exploration of CVE-2024-31317 CVE-2024-31317 provides unpriviledged access to any uid and SELinux scope available to proper Android apps. This provides access to uid 1000 system and uid 2000 shell, and can be triggered entirely from an unpriviledged app, allowing for persistence of any...

7.8CVSS7.2AI score0.07032EPSS

Exploits12

RedhatCVE•added 2025/05/22 9:38 p.m.•2 views

CVE-2021-25393

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data...

6.6CVSS6.7AI score0.00028EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 9:37 p.m.•4 views

CVE-2021-25485

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket...

8CVSS7AI score0.0006EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 7:35 p.m.•6 views

CVE-2022-39857

Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege...

7.3CVSS6.8AI score0.00057EPSS

Exploits0References1

NVD•added 2025/01/21 11:15 p.m.•10 views

CVE-2024-49737

In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

7.8CVSS0.00051EPSS

Exploits0References1

Vulnrichment•added 2025/01/21 11:4 p.m.•5 views

CVE-2024-49737

7.8AI score0.00051EPSS

Exploits0References1

Cvelist•added 2025/01/21 11:4 p.m.•6 views

CVE-2024-49737

0.00051EPSS

Exploits0References1

CNNVD•added 2025/01/21 12:0 a.m.•1 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates in the WindowOrganizerController.java file's applyTaskFragmentOperation function, which contains a logic error that can be exploited by an...

7.8CVSS7.1AI score0.00051EPSS

Exploits0References2

NVD•added 2023/03/16 9:15 p.m.•15 views

CVE-2023-21456

Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid...

9CVSS9.1AI score0.00096EPSS

Exploits0References1