366612 matches found
CVE-2026-28578
CVE-2026-28578 describes a vulnerability in multiple functions of Android’s DevicePolicyManagerService.java where there is a desync from persistence caused by improper input validation. This can lead to a local denial of service without requiring additional privileges or user interaction. Documen...
CVE-2026-28577
CVE-2026-28577 corresponds to a tapjacking/overlay flaw in Android’s WindowManagerService.addWindow. The issue could permit local elevation of privilege with no extra execution privileges and without user action. CVSS 3.1 base metrics indicate Local, Low attack complexity and Low privileges requi...
CVE-2026-0100
CVE-2026-0100 : The description across NVD, OSV, and vuln enrichment indicates a vulnerability in the Load path of LoadedArsc.cpp causing an out-of-bounds write via a heap buffer overflow. This can enable local privilege escalation with no extra execution privileges required; exploitation is poss...
CVE-2026-0085
CVE-2026-0085 relates to a vulnerability in the DataRowHandler.java function applySimpleFieldMaxSize , where improper input validation could allow inserting an unusually large contact name. The result is a local Denial of Service with no extra privileges and no user interaction required. Document...
CVE-2026-0093
Technical details for CVE-2026-0093 are not publicly available in the provided documents (no affected products, fixes, or exploit info). Monitor for updates from official sources.
CVE-2026-0080
Technical details are not publicly available in the provided documents; no affected products, versions, vectors, or mitigations are specified. Monitor for updates.
CVE-2026-0087
CVE-2026-0087 : The connected sources identify a logic error in Android’s DomainVerificationService.java (approvalLevelForDomainInternal) that could allow hijacking an arbitrary app link, enabling local privilege escalation without user interaction. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:...
CVE-2026-0078
CVE-2026-0078 affects Android’s DevicePolicyManagerService (setGlobalProxy). The issue is a desync in persistence caused by improper input validation, enabling local privilege escalation with no extra execution privileges required. Exploitation is described as local and does not require user inte...
CVE-2026-0089
The CVE-2026-0089 issue affects the PackageInstallerService.java component and enables installation of unverified apps due to a missing permission check, enabling local privilege escalation with no extra execution privileges required and no user interaction needed. The core impact is local escala...
CVE-2026-0086
CVE-2026-0086 affects the Android component DisableSupervisionActivity.kt, where in onCreate a missing null check can permit deletion of supervision data. This enables local escalation of privilege without extra execution privileges and without user interaction. CVSSv3.1 vector (L, L, N, U) yield...
CVE-2026-0079
Technical details about CVE-2026-0079 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-0088
The CVE-2026-0088 affects Android’s CertInstaller.getCallingAppLabel, where a misleading or insufficient UI could allow hiding a sensitive security dialogue. This enables local privilege escalation with no extra privileges and no user interaction required for exploitation, as described across NVD...
CVE-2026-0091
Technical details about CVE-2026-0091 are not publicly available in the provided documents. No affected products, versions, or remediation are specified here. Monitor the sources for updates.
CVE-2026-0077
CVE-2026-0077 is linked to Android’s ActivityRecord.java resumeConfigurationDispatch, where a logic error can trigger a background application launch (bal) and enable local privilege escalation without extra privileges or user interaction. Connected sources (NVD/Red Hat/NCSC EUVD, etc.) confirm t...
CVE-2026-0060
Technical details about CVE-2026-0060 are not publicly available in the provided documents. No affected products, vectors, or mitigations are specified here. Monitor for updates as new information becomes available.
CVE-2026-0070
CVE-2026-0070 affects Android’s DevicePolicyManagerService.java, where improper input validation can enable hiding a system critical package, causing a local denial of service without extra privileges. The available documents consistently describe the issue as a local DoS through the described co...
CVE-2026-0075
The CVE-2026-0075 entry describes a SQL injection that could permit access to the contacts database, enabling local escalation of privilege with no additional privileges required and no user interaction needed. Connected documents (including RH/CVE, EUVD, NVD, CNNVD, and others) reiterate the sam...
CVE-2026-0074
CVE-2026-0074 describes a potential denial of service via the getPreferredSize path in LauncherProcessImageListener.kt, where a resource exhaustion condition could be triggered locally. The available documents consistently report a DoS risk requiring local access, with no user interaction needed....
CVE-2026-0061
CVE-2026-0061 involves multiple functions of WindowState.java where a tapjacking/overlay condition could trick a user into accepting a permission. The issue allows local privilege escalation with no additional execution privileges and does not require user interaction for exploitation, per the pr...
CVE-2026-0067
Technical details, affected products, and remediation are not publicly provided in the supplied documents. Monitor for updates from the listed sources; no concrete exploit or affected versions can be confirmed from the material available.
CVE-2026-0059
Technical details about CVE-2026-0059 are not publicly available in the provided documents; no affected products, versions, root cause, or mitigations are disclosed here. Monitor for updates.
CVE-2026-0069
CVE-2026-0069 describes a DoS in ApkChecksums.java: In verifySignature there is a path that can crash the process due to resource exhaustion, enabling local denial of service without extra privileges or user interaction. Documents consistently confirm the issue is local and DoS-focused; no remote...
CVE-2026-0076
CVE-2026-0076 describes an out-of-bounds read in validateNode of ResourceTypes.cpp, caused by an incorrect bounds check. This could enable local privilege escalation with no user interaction, per the included descriptions. Connected sources repeat this detail across multiple feeds (NVD/EUVD) with...
CVE-2026-0044
CVE-2026-0044 affects the UBSan throwing runtime implementation (ubsan_throwing_runtime.cpp) across multiple functions. The vulnerability is caused by an integer overflow, which can crash the system and result in a remote denial of service. Exploitation requires network access with low attack com...
CVE-2026-0052
Technical details (affected product/component/version, root cause, exploit status) are not provided in the connected documents. Monitor for updates from sources linked to CVE-2026-0052.
CVE-2026-0055
CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...
CVE-2026-0045
CVE-2026-0045 concerns a logic error in the Bluetooth stack: in bta_jv_rfcomm_connect of bta_jv_act.cc , there is a possible bypass of bonding for a secure connection. This could allow local escalation of privilege with no additional execution privileges needed, and requires no user interaction t...
CVE-2026-0050
Technical details are not publicly available in the provided documents for CVE-2026-0050. Monitor for updates from official advisories.
CVE-2026-0051
CVE-2026-0051 describes a vulnerability in multiple functions of ubsan_throwing_runtime.cpp that can trigger a system crash via improper input validation, leading to remote denial of service with no extra privileges and no user interaction required. The CVE is documented across NVD entries and re...
CVE-2026-0056
CVE-2026-0056 describes a read out of bounds in setTo of ResourceTypes.cpp, leading to local information disclosure without extra privileges. The issue is labeled as a low-severity, local vulnerability with no user interaction required. Concrete technical details beyond the affected file (Resourc...
CVE-2026-0046
Technical details are not publicly available in the provided connected documents beyond the general CVE-2026-0046 description (InputInterceptor/Letterbox.java, tapjacking/overlay scenario). Monitor for updates.
CVE-2026-0048
Technical details for CVE-2026-0048 are not publicly provided in the supplied documents. The description notes a tapjacking/overlay issue with local privilege escalation, but no concrete affected products, versions, or fixes are disclosed. Monitor for updates.
CVE-2026-0039
CVE-2026-0039 describes a persistent DoS via an integer overflow in multiple functions of ubsan_throwing_runtime.cpp. Affected: GrapheneOS (prior to 2026030200) and likely other components cited in NVD/NVD-derived feeds. Exploitation would be remote, with no user interaction required, and could i...
CVE-2026-0043
CVE-2026-0043 affects code paths in ubsan_throwing_runtime.cpp where an integer overflow can cause a persistent denial of service and local escalation of privilege without user interaction. The connected sources (NVD/NVD OSV/ENISA EUVD and related enrichments) consistently describe this flaw as a...
CVE-2026-0018
The CVE-2026-0018 issue affects AccessibilityManagerService.java and represents a local DoS caused by improper input validation across multiple functions. The impact is a persistent Denial of Service requiring no user interaction, with an attacker likely able to trigger it locally. The CVSS 3.1 v...
CVE-2026-0041
In the connected disclosures, CVE-2026-0041 is tied to an integer overflow in multiple functions of ubsan_throwing_runtime.cpp, causing a UBSan failure that can lead to remote denial of service without extra privileges or user interaction. PT-2026-4712 explicitly flags Chromium as affected, notin...
CVE-2026-0040
CVE-2026-0040 affects code in ubsan_throwing_runtime.cpp where an integer overflow can crash the process, enabling remote denial of service with no user interaction. CVSSv3.1 metrics indicate NETWORK access, LOW privileges, LOW attack complexity, and HIGH availability impact. No remediation or ex...
CVE-2026-0036
CVE-2026-0036 describes a tapjacking vulnerability in StageCoordinator.java that could enable local privilege escalation via a tapjacking/overlay attack without user interaction. The issue allows exploitation with local access and is associated with the Android platform (Android Bulletin context ...
CVE-2026-0009
CVE-2026-0009 affects Google Android. The issue is described as a logic error in multiple locations enabling tapjacking that could lead to local privilege escalation with no user interaction required. CVSS v3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8 (HIGH). Connected sources ...
CVE-2026-0042
CVE-2026-0042 describes a persistent denial-of-service risk in multiple functions of ubsan_throwing_runtime.cpp due to resource exhaustion. The issue enables local denial of service without elevation of privileges and does not require user interaction. The affected context is the UBSan throwing r...
CVE-2026-0016
CVE-2026-0016 affects CredentialManagerService.java (updateProvidersWhenServiceRemoved). The vulnerability arises from a permissions bypass that could allow overriding settings across users, causing local information disclosure with no extra execution privileges required. Exploitation status is n...
CVE-2025-48652
The CVE-2025-48652 entry describes a logic error in performPreInstallChecks within InstallRepository.kt that could bypass MDM policy, enabling local escalation of privilege with no extra execution privileges required and no user interaction needed. Connected sources (EUVD-2025-210017, NVD) corrob...
CVE-2025-48648
Technical details about CVE-2025-48648 are not publicly available in the provided documents. The descriptions only reiterate a potential local DoS in NotificationManagerService.java without specifics on affected versions, root cause, or remediation. Monitor for updates.
CVE-2025-48616
CVE-2025-48616 affects a component in KeyguardViewMediator.java, enabling a bypass of lockdown mode via screen pinning due to a logic error. This can lead to local information disclosure without requiring exploitation privileges or user interaction. Document does not specify affected product vers...
CVE-2025-48649
Technical details for CVE-2025-48649 are not publicly available in the provided Connected and Initial documents. No product/vendor/version mappings or exploit information are specified. Monitor for updates from official advisories to obtain affected scope and remediation.
CVE-2025-26418
Technical details (affected products, exact component, exploit conditions, remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2025-22426
CVE-2025-22426 involves a logic error in ComputerEngine.java that can allow cross-user access to URIs, enabling local privilege escalation without user interaction. Exploitation details and affected product/version specifics are not provided in the documents; remediation/patch details are not exp...
CVE-2025-32348
CVE-2025-32348 affects Android devices. The underlying issue is a missing permission check in multiple locations that can allow a background activity to be launched, enabling local elevation of privilege without additional execution privileges, and no user interaction is required to exploit. The ...
CVE-2025-48570
CVE-2025-48570 involves PipTaskOrganizer.java in Android, where a confused deputy allows launching an activity from the background, enabling local elevation of privilege without extra execution privileges. The CVE is described as a local, high-severity issue (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:...
CVE-2025-48595
CVE-2025-48595 is an Android Framework vulnerability involving an integer overflow that could enable code execution and local privilege escalation without user interaction. The Android Security Bulletin (June 2026) lists this CVE under Framework in the 2026-06-01 patch level with an overall high/...