Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/09/05 4:10 p.m.31 views

CVE-2025-26434

CVE-2025-26434 involves libxml2 with a vulnerability described as an out-of-bounds read caused by a buffer overflow. The impact is local information disclosure without requiring privileges or user interaction, as stated in the public descriptions. Connected documents corroborate the root cause as...

5.5CVSS5.4AI score0.00076EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.31 views

CVE-2025-32324

The CVE-2025-32324 entry concerns the Android ActivityManagerShellCommand.java onCommand path, where a confused deputy could allow arbitrary activity launches and lead to local privilege escalation. The underlying issue enables exploitation with no extra execution privileges and without user inte...

7.8CVSS6.4AI score0.00087EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.31 views

CVE-2025-32331

CVE-2025-32331 involves a logic error in showDismissibleKeyguard within KeyguardService.java that could allow bypassing app pinning, enabling local escalation of privilege without user interaction. The connected sources consistently describe a local-privilege-elevation scenario tied to KeyguardSe...

7.8CVSS6.3AI score0.00093EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.31 views

CVE-2025-32345

The CVE-2025-32345 issue affects Android’s ContentProtectionTogglePreferenceController.java (updateState), where a logic error allows a secondary user to disable the primary user’s deceptive app scanning setting. This enables local privilege escalation with no additional privileges or user intera...

7.8CVSS6.3AI score0.00085EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.31 views

CVE-2025-32346

CVE-2025-32346 pertains to VoicemailSettingsActivity.java in Android, where a confused deputy allows disclosure of work profile contact numbers, enabling local escalation of privilege with no additional privileges and no user interaction required. The connected documents reiterate the same root c...

7.8CVSS6.3AI score0.00077EPSS
CVE
CVE
added 2025/09/04 4:57 a.m.31 views

CVE-2025-36902

In CVE-2025-36902, the vulnerable component is syna_tcm2_sysfs.c, specifically the syna_cdev_ioctl_store_pid() function. It reports a heap buffer overflow causing an out-of-bounds write, which could enable local escalation of privilege with System execution privileges required. Exploitation requi...

6.7CVSS6.6AI score0.0008EPSS
CVE
CVE
added 2025/09/04 4:58 a.m.31 views

CVE-2025-36905

CVE-2025-36905 describes a vulnerability in gxp_mapping_create within gxp_mapping.c, caused by a logic error that enables local privilege escalation with no additional privileges or user interaction required. Exploitation details are not provided in the connected documents. The Pixel bulletin ent...

7.8CVSS6.3AI score0.00082EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.31 views

CVE-2025-48541

CVE-2025-48541 : In the Android code path, the bug occurs in the onCreate of FaceSettings.java, where improper input validation can remove biometric unlock across user profiles. This enables local escalation of privilege with no additional execution privileges required, and exploitation does not ...

7.8CVSS6.3AI score0.00082EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.31 views

CVE-2025-48565

The CVE-2025-48565 entry describes a logic error in Android’s cross-profile intent filtering, enabling local escalation of privilege without extra execution privileges or user interaction. Affected component is the Framework/IntentResolver logic in multiple Android locations, with exploitation de...

7.8CVSS6.5AI score0.00094EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.31 views

CVE-2025-48573

The CVE-2025-48573 entry describes a local elevation-of-privilege in Android's MediaSessionRecord.java via a path in sendCommand that could allow launching a foreground service while the app is backgrounded (FGS while-in-use abuse). The issue enables privilege escalation without extra execution p...

7.8CVSS6.4AI score0.00081EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.31 views

CVE-2025-48602

CVE-2025-48602 describes a logic error in Android’s KeyguardViewMediator.java (exitKeyguardAndFinishSurfaceBehindRemoteAnimation) that can cause a lockscreen bypass, enabling local escalation of privilege without additional execution privileges or user interaction. Affected software is the Androi...

8.4CVSS6.1AI score0.0011EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.31 views

CVE-2026-0010

CVE-2026-0010 involves the IDrmManagerService.cpp onTransact function, where a missing bounds check allows an out-of-bounds write that could enable local escalation of privileges without user interaction. The vulnerability is reported across multiple feeds (Android-related CVE entry, Red Hat, CIR...

8.4CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.31 views

CVE-2026-0024

The CVE-2026-0024 issue is in Android’s MediaProvider.java (isRedactionNeededForOpenViaContentResolver). A missing permission check could reveal the location of media, causing local information disclosure with no extra privileges and without user interaction. The connected sources (NVD, Red Hat, ...

4CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.30 views

CVE-2023-38438

CVE-2023-38438 affects vowifiservice. The issue is a missing permission check in vowifiservice that can lead to local information disclosure without additional execution privileges. According to NVD metrics, the attack is local with low privileges required, and can disclose high-confidentiality d...

5.5CVSS5.2AI score0.00081EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.30 views

CVE-2023-38450

CVE-2023-38450 concerns the vowifiservice with a missing permission check that can allow local escalation of privilege. Vulnerable component: vowifiservice; root cause: inadequate permission validation. Impact per sources: local privilege escalation with high impact; exploitation context: local a...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.30 views

CVE-2023-38452

Technical details (affected components, versions, exploit scenarios, patches) are not publicly provided in the connected documents. Monitor sources for updates.

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.30 views

CVE-2023-42680

The CVE-2023-42680 entry concerns a vulnerability in the GPU driver where a missing bounds check enables an out-of-bounds read, potentially causing local denial of service with SYSTEM privileges. The available documents consistently describe the issue as a GPU driver boundary-check failure and it...

4.4CVSS4.6AI score0.00102EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.30 views

CVE-2023-42720

CVE-2023-42720 affects the video service in UNISOC chipsets. The root cause is a missing bounds check leading to an out-of-bounds read, which could enable local denial of service with no additional privileges. The CVSS 3.1 base score is 5.5 (Medium) with local attack vector and no user interactio...

5.5CVSS5.4AI score0.00099EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.30 views

CVE-2024-49714

CVE-2024-49714 is an elevation-of-privilege vulnerability in the AVRCP vendor message path: in avrc_vendor_msg within avrc_opt.cc, a heap-buffer overflow can cause an out-of-bounds write. This enables local escalation on a paired device without extra privileges or user interaction. Exploitation i...

7.8CVSS7AI score0.00104EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.30 views

CVE-2025-0089

CVE-2025-0089 affects the Android Launcher application and is described as a logic error that can enable local escalation of privilege without user interaction. The issue is listed in the Android security bulletin with high severity (EoP) for Framework and related components, and patch levels 202...

7.8CVSS6.3AI score0.00098EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2025-22424

CVE-2025-22424 is described across multiple sources as an Android vulnerability arising from improper input validation that can cause images to be revealed across users, enabling local privilege escalation with no extra execution privileges. The NVD entry assigns a CVSS v3.1 base score of 7.8 (Hi...

7.8CVSS5.9AI score0.00088EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.30 views

CVE-2025-32347

CVE-2025-32347 affects the Android BiometricEnrollIntroduction.java onStart path, where an unsafe PendingIntent can disclose the device’s location, enabling local privilege elevation with no extra privileges. Exploitation requires user interaction. Root cause: unsafe PendingIntent leading to info...

7.8CVSS6.3AI score0.00081EPSS
CVE
CVE
added 2025/09/04 4:55 a.m.30 views

CVE-2025-36898

CVE-2025-36898 is a local elevation-of-privilege vulnerability affecting Google Pixel devices, tied to a logic error in the Pixel Sim Lock component. Exploitation requires local access; no user interaction is needed. The CVSS v3.1 score is 7.8 (High) with exploitation described as LOCAL, LOW comp...

7.8CVSS6.4AI score0.00082EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.30 views

CVE-2025-48531

CVE-2025-48531 affects CredentialStorage in Android. A logic error in getCallingPackageName enables a permission bypass, leading to local escalation of privilege with no extra execution privileges or user interaction required. Connected sources confirm the issue but do not provide specific exploi...

7.8CVSS6.3AI score0.00093EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.30 views

CVE-2025-48532

Affected software: Android MediaProvider.java (markMediaAsFavorite).Root cause: a confused deputy flaw allows bypassing the WRITE_EXTERNAL_STORAGE permission, enabling local elevation of privilege.Impact: elevates privileges locally with high confidentiality, integrity and availability implicatio...

7.3CVSS6.3AI score0.00078EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.30 views

CVE-2025-48534

CVE-2025-48534 affects Android’s CellBroadcast handling code. In getDefaultCBRPackageName of CellBroadcastHandler.java, a logic error may allow privilege escalation, yielding local denial of service with System execution privileges and no user interaction required. Current connected sources confi...

8.8CVSS6.1AI score0.00276EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.30 views

CVE-2025-48561

Technical details about CVE-2025-48561 are not provided in the connected documents. Monitor for updates.

5.5CVSS5.1AI score0.00122EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.30 views

CVE-2025-48645

CVE-2025-48645 concerns Google Android. The vulnerability arises from an improper input validation in the Android framework’s DeviceAdminInfo.loadDescription, allowing a malicious local attacker to achieve local elevation of privilege without user interaction. The impact is described as persisten...

9.8CVSS6.1AI score0.00192EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0009

CVE-2026-0009 affects Google Android. The issue is described as a logic error in multiple locations enabling tapjacking that could lead to local privilege escalation with no user interaction required. CVSS v3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8 (HIGH). Connected sources ...

7.8CVSS5.9AI score0.00075EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.30 views

CVE-2026-0014

CVE-2026-0014 affects AppOpsService.java (method isPackageNullOrSystem) and describes a possible persistent denial of service due to improper input validation. The issue enables local DoS without user interaction or privileges, as indicated in multiple sources. Exploitation status and specific ex...

6.2CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0046

Technical details are not publicly available in the provided connected documents beyond the general CVE-2026-0046 description (InputInterceptor/Letterbox.java, tapjacking/overlay scenario). Monitor for updates.

6.2CVSS5.9AI score0.00076EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0056

CVE-2026-0056 describes a read out of bounds in setTo of ResourceTypes.cpp, leading to local information disclosure without extra privileges. The issue is labeled as a low-severity, local vulnerability with no user interaction required. Concrete technical details beyond the affected file (Resourc...

3.3CVSS5.9AI score0.00069EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0070

CVE-2026-0070 affects Android’s DevicePolicyManagerService.java, where improper input validation can enable hiding a system critical package, causing a local denial of service without extra privileges. The available documents consistently describe the issue as a local DoS through the described co...

5.5CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0074

CVE-2026-0074 describes a potential denial of service via the getPreferredSize path in LauncherProcessImageListener.kt, where a resource exhaustion condition could be triggered locally. The available documents consistently report a DoS risk requiring local access, with no user interaction needed....

5.5CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0085

CVE-2026-0085 relates to a vulnerability in the DataRowHandler.java function applySimpleFieldMaxSize , where improper input validation could allow inserting an unusually large contact name. The result is a local Denial of Service with no extra privileges and no user interaction required. Document...

5.5CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0099

Technical details about CVE-2026-0099 are not publicly available in the provided connected documents. Monitor for updates from official sources; no further specifics (affected products, root cause, impact, or fixes) are disclosed here.

7.8CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.30 views

CVE-2026-0150

CVE-2026-0150 affects EdgeTPU firmware, specifically the ExecuteGraph command handler. The issue is a possible out-of-bounds write caused by an integer overflow, enabling local escalation of privilege with root privileges required. Exploitation does not require user interaction. The available con...

7.8CVSS5.4AI score0.00067EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.29 views

CVE-2023-42688

The CVE-2023-42688 issue is described across connected sources as a missing permission check in the wifi service, enabling local privilege escalation with no extra privileges. This aligns with the Red Hat/NVD/CNNVD entries and the UNISOC/CNNVD narratives, showing a local-privilege-elevation impac...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.29 views

CVE-2023-42734

The CVE-2023-42734 entry describes a vulnerability in the telephony service where a missing permission check can lead to local information disclosure without requiring additional execution privileges. Affected component: telephony service (platform-level). Root cause: insufficient access control ...

5.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.29 views

CVE-2025-26464

CVE-2025-26464 is an elevation-of-privilege issue in Android tied to AppSearchManagerService.java (executeAppFunction). The described logic error could cause a background activity to launch, enabling local privilege escalation without user interaction. Documents consistently refer to this vulnera...

7.8CVSS6.3AI score0.00093EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.29 views

CVE-2025-32327

CVE-2025-32327 affects Google Android via SQL injection in multiple functions of PickerDbFacade.java, enabling unauthorized data access and local elevation of privilege with no user interaction. Impact and exploit details are stated in multiple sources (NVD, Red Hat, CNVD, OSV). Root cause is an ...

7.8CVSS6.9AI score0.00107EPSS
CVE
CVE
added 2025/09/04 4:49 a.m.29 views

CVE-2025-36890

CVE-2025-36890 is a WLAN Elevation of Privilege issue affecting Google Pixel devices. The public details indicate a root cause in the BCM WiFi driver: an out‑of‑bounds/write issue when handling firmware messages, specifically when wl_notify_scan_status is invoked in response to the WLC_E_SCAN_COM...

9.8CVSS6.5AI score0.00226EPSS
CVE
CVE
added 2025/09/04 4:54 a.m.29 views

CVE-2025-36896

CVE-2025-36896 affects WLAN on Google Pixel devices running Android prior to the 2025-09-05 patch level. The issue is an elevation of privilege in the WLAN component; CVSS 3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction required. The Pixel security bulletin groups th...

9.8CVSS6.3AI score0.00234EPSS
CVE
CVE
added 2025/09/04 4:58 a.m.29 views

CVE-2025-36903

CVE-2025-36903 affects the lwis_io_buffer_write path (lwis) with an out-of-bounds read/write caused by insufficient input validation. The issue enables local elevation of privilege without extra execution privileges or user interaction (per the CVE description and corroborating sources). Public r...

7.8CVSS6.3AI score0.00078EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.29 views

CVE-2025-48523

CVE-2025-48523 targets Android: the issue occurs in onCreate of SelectAccountActivity.java and allows adding contacts without the required permission due to a logic error. This enables local escalation of privilege with no additional execution privileges and without user interaction. Impact is de...

7.8CVSS6.3AI score0.00085EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.29 views

CVE-2025-48542

CVE-2025-48542 is an Android vulnerability affecting AccountManagerService.java, causing a possible permanent denial of service due to resource exhaustion. Exploitation is local, requires no additional privileges, and does not require user interaction. Multiple connected sources corroborate the i...

5.5CVSS5.7AI score0.00076EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.29 views

CVE-2025-48587

CVE-2025-48587 is linked to Google Android and involves multiple functions in ProfilingService.java where improper input validation can cause a persistent local denial of service without user interaction or extra privileges. The condition is confirmed across CVE/NVD entries and mirrored in relate...

6.2CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.29 views

CVE-2026-0050

Technical details are not publicly available in the provided documents for CVE-2026-0050. Monitor for updates from official advisories.

3.3CVSS5.9AI score0.00068EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.29 views

CVE-2026-0142

CVE-2026-0142 affects the AVB component (iavb_parse_key_data in avb_rsa.c). The root cause is an out-of-bounds read due to improper input validation, leading to local information disclosure without extra privileges or user interaction. Connected documents confirm the same description across multi...

3.3CVSS5.6AI score0.00069EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.29 views

CVE-2026-28580

Technical details about CVE-2026-28580 (affected products, vulnerable components, root cause, and fixes) are not publicly available in the provided documents. Monitor for updates in the connected feeds (NVD, EUVD, OSV) for confirmation and patches.

7.8CVSS5.9AI score0.00073EPSS
Total number of security vulnerabilities8153