Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/09/04 4:57 a.m.29 views

CVE-2025-36902

In CVE-2025-36902, the vulnerable component is syna_tcm2_sysfs.c, specifically the syna_cdev_ioctl_store_pid() function. It reports a heap buffer overflow causing an out-of-bounds write, which could enable local escalation of privilege with System execution privileges required. Exploitation requi...

6.7CVSS6.6AI score0.0008EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.28 views

CVE-2023-42733

CVE-2023-42733 involves a missing permission check in the telephony service of UNISOC chipsets, enabling local information disclosure without extra privileges. Documented impact: confidentiality loss (high); exploitation is local with low complexity and requires low privileges. Connected sources ...

5.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.28 views

CVE-2025-26454

CVE-2025-26454 concerns a flaw in the Android component DisclaimersParserImpl.java, where a confused deputy could allow access to data from other users, enabling local privilege escalation without extra execution privileges or user interaction. The public records consistently describe the issue a...

7.8CVSS6.3AI score0.00089EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.28 views

CVE-2025-32321

CVE-2025-32321 : isSafeIntent in AccountTypePreferenceLoader.java may bypass an intent type check due to a confused deputy, enabling local elevation of privilege with no extra privileges and no user interaction required. Connected sources confirm this is a local-privilege-elevation issue; no patc...

7.8CVSS6.3AI score0.00082EPSS
CVE
CVE
added 2025/09/04 4:49 a.m.28 views

CVE-2025-36890

CVE-2025-36890 is a WLAN Elevation of Privilege issue affecting Google Pixel devices. The public details indicate a root cause in the BCM WiFi driver: an out‑of‑bounds/write issue when handling firmware messages, specifically when wl_notify_scan_status is invoked in response to the WLC_E_SCAN_COM...

9.8CVSS6.5AI score0.00226EPSS
CVE
CVE
added 2025/09/04 4:56 a.m.28 views

CVE-2025-36901

CVE-2025-36901 corresponds to a WLAN elevation-of-privilege issue affecting Android on Google Pixel devices prior to the 2025-09-05 patch. The vuln is described as an EoP in WLAN on Pixel, with the Pixel security bulletin listing CVE-2025-36901 as mitigated by the 2025-09-05 patch level. The prov...

8.8CVSS6.3AI score0.0015EPSS
CVE
CVE
added 2025/09/04 4:59 a.m.28 views

CVE-2025-36908

The CVE-2025-36908 entry describes an out-of-bounds write in lwis_top_register_io within lwis_device_top.c that could enable local privilege escalation with System execution privileges required. The description and related entries confirm the vulnerable component is the lwis top logic. No exploit...

6.7CVSS6.2AI score0.00085EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.28 views

CVE-2025-48523

CVE-2025-48523 targets Android: the issue occurs in onCreate of SelectAccountActivity.java and allows adding contacts without the required permission due to a logic error. This enables local escalation of privilege with no additional execution privileges and without user interaction. Impact is de...

7.8CVSS6.3AI score0.00085EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.28 views

CVE-2025-48623

CVE-2025-48623 concerns the Linux kernel’s pkvm path in init_pkvm_hyp_vcpu, where an input validation error can cause an out-of-bounds write. The Red Hat/EUVD/NVD/NVD-enrichment entries corroborate a local privilege-escalation impact due to this improper validation, with no user interaction requi...

7.8CVSS6.5AI score0.00096EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.28 views

CVE-2026-0035

CVE-2026-0035 affects the Android MediaProvider component. In MediaProvider.java's createRequest, a logic error can allow an app to gain read/write access to non-existent files, enabling local privilege escalation without extra execution privileges or user interaction. This vulnerability is docum...

8.4CVSS6.1AI score0.00103EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.27 views

CVE-2023-42703

The CVE-2023-42703 entry describes a vulnerability in the firewall service where a missing permission check allows writing permission usage records for an app, enabling local information disclosure without additional execution privileges. Affected context is the firewall service component; underl...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.27 views

CVE-2023-42737

CVE-2023-42737 affects telecom service in Unisoc chipsets, where a missing permission check allows writing permission usage records, exposing local information without extra execution privileges. CVSSv3.1 base score 5.5 (Medium); attack vector LOCAL, privileges LOW, user interaction NONE, confide...

5.5CVSS5.3AI score0.00094EPSS
CVE
CVE
added 2025/07/08 2:0 a.m.27 views

CVE-2025-20695

The CVE-2025-20695 involves Bluetooth firmware where an uncaught exception can cause a system crash, leading to remote denial of service without extra privileges or user interaction. Affected component is Bluetooth firmware (MediaTek-based). The vulnerability’s impact is a high availability denia...

6.5CVSS6.6AI score0.00153EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.27 views

CVE-2025-20781

The CVE-2025-20781 issue affects MediaTek chipsets’ display component, caused by a memory corruption due to use-after-free. This leads to local escalation of privilege if an attacker already has System privileges; exploitation does not require user interaction. A patch is listed as ALPS10182914 (...

7.8CVSS6.5AI score0.00071EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.27 views

CVE-2025-32333

CVE-2025-32333 concerns a logic error in the Android SpaActivity implementation (SpaActivity.kt) that can enable a cross-user permission bypass, leading to local privilege escalation with no user interaction and no additional execution privileges required. The Connected documents (PT-2025-36043 a...

7.8CVSS6.3AI score0.00086EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.27 views

CVE-2025-36934

CVE-2025-36934 is discussed in connected Google Project Zero posts as a 0-click/exploit chain involving the Dolby Unified Decoder (UDC) on Pixel devices. The vulnerability arises inside EMDF parsing in the UDC, where an attacker-controlled EMDF container can trigger a buffer overrun on the evo he...

7.4CVSS6.4AI score0.00095EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.27 views

CVE-2025-48527

In Android security bulletin details, CVE-2025-48527 is listed under the Framework component as an Information Disclosure (type ID) with High severity. It involves a logic error that could leak hidden work profile notifications, enabling local information disclosure without additional privileges ...

6.2CVSS5.1AI score0.00096EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.27 views

CVE-2025-48560

CVE-2025-48560 describes a vulnerability in Android/Wear OS where an app could monitor motion events via AndroidManifest.xml due to a confused deputy, enabling local information disclosure without extra privileges or user interaction. Connected sources (Wear OS security bulletin and related advis...

5.5CVSS5AI score0.0007EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.27 views

CVE-2025-48648

Technical details about CVE-2025-48648 are not publicly available in the provided documents. The descriptions only reiterate a potential local DoS in NotificationManagerService.java without specifics on affected versions, root cause, or remediation. Monitor for updates.

5.5CVSS5.9AI score0.00068EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.27 views

CVE-2026-0016

CVE-2026-0016 affects CredentialManagerService.java (updateProvidersWhenServiceRemoved). The vulnerability arises from a permissions bypass that could allow overriding settings across users, causing local information disclosure with no extra execution privileges required. Exploitation status is n...

3.3CVSS5.9AI score0.00065EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.27 views

CVE-2026-0023

Technical details for CVE-2026-0023 are not publicly available in the provided documents. Monitor for updates.

7.8CVSS6.1AI score0.00084EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.27 views

CVE-2026-0029

The CVE-2026-0029 entry concerns Google Android’s kernel code, specifically a logic error in __pkvm_init_vm in pkvm.c that may cause memory corruption and enable local privilege escalation without user interaction. The vulnerability is documented across multiple feeds (NVD/NCSC/CNVD/CVELIST) with...

8.4CVSS6.1AI score0.00107EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.27 views

CVE-2026-0069

CVE-2026-0069 describes a DoS in ApkChecksums.java: In verifySignature there is a path that can crash the process due to resource exhaustion, enabling local denial of service without extra privileges or user interaction. Documents consistently confirm the issue is local and DoS-focused; no remote...

5.5CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.27 views

CVE-2026-0089

The CVE-2026-0089 issue affects the PackageInstallerService.java component and enables installation of unverified apps due to a missing permission check, enabling local privilege escalation with no extra execution privileges required and no user interaction needed. The core impact is local escala...

7.8CVSS5.9AI score0.00067EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.27 views

CVE-2026-0093

Technical details for CVE-2026-0093 are not publicly available in the provided documents (no affected products, fixes, or exploit info). Monitor for updates from official sources.

7.8CVSS5.9AI score0.00073EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.26 views

CVE-2023-42705

CVE-2023-42705 concerns IMS service (imsservice) where a missing permission check allows writing permission usage records for an app, enabling local information disclosure without extra execution privileges. Multiple sources corroborate a local-privacy impact tied to imsservice, with CVSSv3.1/AV:...

5.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2025/09/01 5:12 a.m.26 views

CVE-2025-20707

CVE-2025-20707 : In geniezone, a memory corruption due to use-after-free is reported. This could enable local escalation of privilege for an attacker already with System privileges; exploitation does not require user interaction. Patch ID: ALPS09924201; Issue ID: MSV-3820.

6.7CVSS6.3AI score0.00091EPSS
CVE
CVE
added 2025/09/04 7:23 p.m.26 views

CVE-2025-22415

CVE-2025-22415 affects Android Wear OS devices and is described as a local elevation-of-privilege in the android_app component of Android.bp, where there is a path to launch any activity as a system user without user interaction. The root cause is tied to the System component behavior in Wear OS/...

4CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.26 views

CVE-2025-32332

CVE-2025-32332 describes a use-after-free memory corruption in multiple locations, enabling local escalation of privilege with no additional execution privileges or user interaction. CVSSv3.1 base score 7.8 (LOCAL, HIGH). Exploitation is described as local; no exploit details are provided in the ...

7.8CVSS6.5AI score0.00084EPSS
CVE
CVE
added 2025/09/04 4:59 a.m.26 views

CVE-2025-36906

CVE-2025-36906 involves a heap-buffer overflow in the ConvertReductionOp of darwinn_mlir_converter_aidl.cc, causing an out-of-bounds write that can lead to local privilege escalation. The vulnerability is exploitable with local access and does not require user interaction. The source documents co...

7.8CVSS6.7AI score0.00079EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.26 views

CVE-2025-36937

CVE-2025-36937 affects the AudioDecoder::HandleProduceRequest path in audio_decoder.cc. The issue is an out-of-bounds write caused by an incorrect bounds check, which could enable remote code execution over the network without user interaction or extra privileges. Multiple connected sources (incl...

9.8CVSS7.6AI score0.00247EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.26 views

CVE-2025-48524

CVE-2025-48524 is a local denial-of-service vulnerability in Android related to WifiPermissionsUtil.java isSystem, caused by a missing permission check. The issue enables a local attacker to trigger DoS without extra privileges and without user interaction. Exploitation details are not provided i...

5.5CVSS5.5AI score0.00078EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.26 views

CVE-2025-48535

Summary of CVE-2025-48535 (Android): A flaw in assertSafeToStartCustomActivity within AppRestrictionsFragment.java allows a parcel mismatch to trigger a launch-anywhere vulnerability via unsafe deserialization, enabling local elevation of privilege without additional execution privileges or user ...

7.8CVSS6.3AI score0.00164EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.26 views

CVE-2025-48547

CVE-2025-48547 is an Android elevation-of-privilege issue affecting the Permission Controller/Android framework. A logic error allows a one-time permission bypass in multiple locations, enabling local privilege escalation with no extra execution privileges required; exploitation requires user int...

7.3CVSS6.4AI score0.00081EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.26 views

CVE-2025-48574

CVE-2025-48574 affects Android’s UI component: DisplayPolicy.java (validateAddingWindowLw). The issue arises from a missing permission check, allowing an app to intercept drag-and-drop events and perform local elevation of privilege without extra execution privileges or user interaction. Public d...

8.4CVSS6.1AI score0.00097EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.26 views

CVE-2025-48584

CVE-2025-48584 affects the Android Framework via NotificationManagerService.java, where a method can bypass per-package channel limits, enabling local DoS through resource exhaustion without user interaction. The issue is documented across multiple feeds (NVD/Red Hat/ENISA/OSV) and is categorized...

5.5CVSS5.8AI score0.00085EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.26 views

CVE-2025-48652

The CVE-2025-48652 entry describes a logic error in performPreInstallChecks within InstallRepository.kt that could bypass MDM policy, enabling local escalation of privilege with no extra execution privileges required and no user interaction needed. Connected sources (EUVD-2025-210017, NVD) corrob...

7.8CVSS5.9AI score0.00083EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.26 views

CVE-2025-48654

CVE-2025-48654 concerns the Android CompanionDeviceManagerService.java, where a logic error in onStart can cause a confused deputy leading to local elevation of privilege. Exploitation does not require user interaction. Affected component: CompanionDeviceManagerService (Android). Reported impact:...

7.8CVSS6.1AI score0.00098EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.26 views

CVE-2026-28578

CVE-2026-28578 describes a vulnerability in multiple functions of Android’s DevicePolicyManagerService.java where there is a desync from persistence caused by improper input validation. This can lead to a local denial of service without requiring additional privileges or user interaction. Documen...

5.5CVSS5.9AI score0.00066EPSS
CVE
CVE
added 2025/09/04 7:23 p.m.25 views

CVE-2025-22414

CVE-2025-22414 concerns a local elevation of privilege in FrpBypassAlertActivity.java due to a missing permission check, enabling FRP bypass without user interaction. Public sources identify the Wear OS/System component context and classify the issue as High severity with local access required (A...

7.8CVSS6.2AI score0.00076EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.25 views

CVE-2025-26418

Technical details (affected products, exact component, exploit conditions, remediation) are not publicly available in the provided documents. Monitor for updates.

7.8CVSS5.9AI score0.00068EPSS
CVE
CVE
added 2025/09/04 7:28 p.m.25 views

CVE-2025-26439

CVE-2025-26439 describes a logic error in getComponentName of AccessibilitySettingsUtils.java that can allow a malicious TalkBack service to be enabled in place of the system component. This enables local privilege escalation with no additional privileges or user interaction needed (AV:L/AC:L/PR:...

7.8CVSS6.3AI score0.00082EPSS
CVE
CVE
added 2026/03/02 6:41 p.m.25 views

CVE-2025-32313

CVE-2025-32313 relates to UsageEvents.java in Android, where an incorrect bounds check can cause an out-of-bounds write. This enables local privilege escalation with no additional execution privileges and no user interaction required. Affected software is described as UsageEvents (class/file) wit...

8.4CVSS6.1AI score0.0008EPSS
CVE
CVE
added 2025/09/04 4:51 a.m.25 views

CVE-2025-36894

CVE-2025-36894 is a DoS issue affecting Google Pixel devices, categorized under the Modem component in the Pixel update bulletin. The vulnerability stems from a missing null check, enabling remote denial of service without additional privileges or user interaction. The Android Pixel bulletin assi...

7.5CVSS6AI score0.00255EPSS
CVE
CVE
added 2025/09/04 4:58 a.m.25 views

CVE-2025-36904

CVE-2025-36904 maps to a WLAN elevation-of-privilege issue on Google Pixel devices. Connected OSV data describes a Broadcom Wi‑Fi driver vulnerability in wl_android_get_best_channels, an out-of-bounds write caused by unvalidated list->count. The Pixel bulletin indicates updating to 2025-09-05 ...

9.8CVSS6.3AI score0.00234EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.25 views

CVE-2025-48556

CVE-2025-48556 affects NotificationChannel.java with a desynchronization-from-persistence issue caused by improper input validation. This can enable local privilege escalation and requires user interaction to exploit. The connected PT-2025-36076 entry notes the affected file and the local-privile...

7.3CVSS6.4AI score0.00083EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.25 views

CVE-2025-48589

CVE-2025-48589 affects Google Android components, with the vulnerability located in multiple functions of HeaderPrivacyIconsController.kt. The underlying issue is a logic error that can grant permissions across users, enabling local elevation of privilege without extra execution privileges and wi...

7.8CVSS6.5AI score0.00089EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.25 views

CVE-2025-48649

Technical details for CVE-2025-48649 are not publicly available in the provided Connected and Initial documents. No product/vendor/version mappings or exploit information are specified. Monitor for updates from official advisories to obtain affected scope and remediation.

7.8CVSS5.9AI score0.00079EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.25 views

CVE-2026-0017

CVE-2026-0017 is tied to a logic error in BiometricService.java on the Android platform that could allow enabling fingerprint unlock and cause local elevation of privilege without additional execution privileges or user interaction. The vulnerability appears in the onChange path of BiometricServi...

7.7CVSS6.1AI score0.00096EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.25 views

CVE-2026-0020

CVE-2026-0020 is a Google Android vulnerability in the parsePermissionGroup path of ParsedPermissionUtils.java that enables a local elevation of privilege by bypassing a consent dialog to obtain permissions. The weakness allows exploitation with no user interaction and requires only local access....

8.4CVSS6.1AI score0.00098EPSS
Total number of security vulnerabilities8153