Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2026/03/02 6:42 p.m.25 views

CVE-2026-0026

CVE-2026-0026 describes a logic error in Android’s PermissionManagerServiceImpl.java removePermission path that could allow overriding any system permission, enabling local privilege escalation. Exploitation requires user interaction, and no additional execution privileges are stated. The connect...

7.8CVSS6.1AI score0.00096EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.25 views

CVE-2026-0027

The CVE-2026-0027 issue affects the arm-smmu-v3.c function smmu_detach_dev, where a use-after-free can cause an out-of-bounds write. This vulnerability enables local privilege escalation with System execution privileges required; exploitation does not require user interaction. The available conne...

6.7CVSS6.1AI score0.00147EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.25 views

CVE-2026-0031

CVE-2026-0031 affects Google Android’s kernel code (mem_protect.c) with an out-of-bounds write caused by an integer overflow. This vulnerability allows local privilege escalation without user interaction. Public references indicate Android kernel fixes/updates were released (and related advisorie...

8.4CVSS6.1AI score0.00152EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.25 views

CVE-2026-0045

CVE-2026-0045 concerns a logic error in the Bluetooth stack: in bta_jv_rfcomm_connect of bta_jv_act.cc , there is a possible bypass of bonding for a secure connection. This could allow local escalation of privilege with no additional execution privileges needed, and requires no user interaction t...

7.8CVSS5.9AI score0.00083EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.25 views

CVE-2026-0051

CVE-2026-0051 describes a vulnerability in multiple functions of ubsan_throwing_runtime.cpp that can trigger a system crash via improper input validation, leading to remote denial of service with no extra privileges and no user interaction required. The CVE is documented across NVD entries and re...

6.5CVSS5.9AI score0.00253EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.24 views

CVE-2025-48568

CVE-2025-48568 describes a race-condition vulnerability that allows a lockscreen bypass and local escalation of privilege. Reports across multiple sources indicate exploitation could occur with no user interaction and requires only local access, with no additional execution privileges needed. And...

7.4CVSS6.1AI score0.00076EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.24 views

CVE-2025-48570

CVE-2025-48570 involves PipTaskOrganizer.java in Android, where a confused deputy allows launching an activity from the background, enabling local elevation of privilege without extra execution privileges. The CVE is described as a local, high-severity issue (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:...

7.8CVSS5.9AI score0.00072EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.24 views

CVE-2025-48579

CVE-2025-48579 involves a local elevation-of-privilege in Android’s MediaProvider.java where a proxy/Confused Deputy behavior could bypass the external storage write permission. The issue can allow a local attacker to gain elevated privileges without additional execution privileges or user intera...

8.4CVSS6.1AI score0.00101EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.24 views

CVE-2025-48597

CVE-2025-48597 is an Android Framework–level tapjacking/overlay vulnerability that could enable local privilege escalation without user interaction. Reported details indicate the issue affects Android Framework components and is addressed via Android security patches at patch levels 2025-12-01 / ...

7.8CVSS6.5AI score0.00074EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.24 views

CVE-2025-48646

CVE-2025-48646 affects Google Android via the executeRequest path in ActivityStarter.java, enabling a possible elevation of privilege through a confused deputy. The issue is described as a local escalation of privilege requiring user interaction for exploitation. Affected context in public record...

7.8CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.24 views

CVE-2026-0015

CVE-2026-0015 affects Android components, notably multiple locations in AppOpsService.java where improper input validation can cause a persistent, local Denial of Service . Exploitation requires no user interaction and does not grant additional privileges. The Red Hat/NCSC/NVD entries corroborate...

6.2CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.24 views

CVE-2026-0028

CVE-2026-0028 affects the Linux kernel code path __pkvm_host_share_guest in mem_protect.c, where an integer overflow can cause an out-of-bounds write. This leads to local privilege escalation without user interaction. The existing references in the connected documents (Android kernel changes and ...

8.4CVSS6.1AI score0.00152EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.24 views

CVE-2026-0036

CVE-2026-0036 describes a tapjacking vulnerability in StageCoordinator.java that could enable local privilege escalation via a tapjacking/overlay attack without user interaction. The issue allows exploitation with local access and is associated with the Android platform (Android Bulletin context ...

7.8CVSS5.9AI score0.00072EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.24 views

CVE-2026-0037

CVE-2026-0037 corresponds to a memory corruption issue in multiple functions of ffa.c, caused by a logic error. The CVE affects Google Android components and is described as enabling local escalation of privilege with no extra execution privileges and no user interaction required. The impact is n...

8.4CVSS6.1AI score0.00153EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.24 views

CVE-2026-0040

CVE-2026-0040 affects code in ubsan_throwing_runtime.cpp where an integer overflow can crash the process, enabling remote denial of service with no user interaction. CVSSv3.1 metrics indicate NETWORK access, LOW privileges, LOW attack complexity, and HIGH availability impact. No remediation or ex...

6.5CVSS6AI score0.00253EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.24 views

CVE-2026-0061

CVE-2026-0061 involves multiple functions of WindowState.java where a tapjacking/overlay condition could trick a user into accepting a permission. The issue allows local privilege escalation with no additional execution privileges and does not require user interaction for exploitation, per the pr...

5.9CVSS5.9AI score0.00073EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.24 views

CVE-2026-0067

Technical details, affected products, and remediation are not publicly provided in the supplied documents. Monitor for updates from the listed sources; no concrete exploit or affected versions can be confirmed from the material available.

5.5CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.24 views

CVE-2026-0094

Technical details for CVE-2026-0094 are not publicly available in the provided documents; monitor for updates.

7.8CVSS5.9AI score0.00058EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.24 views

CVE-2026-0096

Technical details are not publicly available in the provided documents. Monitor for updates for potential affected products, impacted components, root cause, and remediation.

7.8CVSS5.9AI score0.00073EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.24 views

CVE-2026-0140

CVE-2026-0140 describes a potential out-of-bounds read in RtpPacket::decodePacket caused by an integer overflow that could lead to remote information disclosure. Exploitation requires user interaction; no remote code execution is stated. Connected sources (NVD, ENISA EUVD, OSV, PT-OSSecurity, And...

4.3CVSS5.7AI score0.00178EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.24 views

CVE-2026-0147

CVE-2026-0147 affects the mfc_core_nal_q_get_dec_metadata_sei_nal function in mfc_core_nal_q.c. The issue is an out-of-bounds write caused by a missing bounds check, which the documents state could enable remote code execution with no extra privileges and no user interaction. The vulnerability is...

8.8CVSS6.2AI score0.00277EPSS
CVE
CVE
added 2025/09/04 7:28 p.m.23 views

CVE-2025-26431

CVE-2025-26431 affects Android Wear OS (and related Android framework components) through a logic error in setupAccessibilityServices inside AccessibilityFragment.java that can cause an enabled accessibility service to be hidden. This enables local privilege escalation with no extra privileges an...

7.8CVSS6.3AI score0.00083EPSS
CVE
CVE
added 2025/09/05 4:10 p.m.23 views

CVE-2025-26461

CVE-2025-26461 affects Android's Permission Manager: a logic error allows the microphone privacy indicator to remain active after the app is closed, enabling local privilege escalation without additional privileges or user interaction. Reported as a low-severity issue (CVSS v3.1 base score 3.3) w...

3.3CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2025/12/08 4:56 p.m.23 views

CVE-2025-32329

CVE-2025-32329 affects Android Framework (Session.java). The described issue is a logic error in multiple Session.java functions that can permit viewing images belonging to another user on the device. This leads to local escalation of privilege with no additional execution privileges required and...

7.8CVSS6.5AI score0.00086EPSS
CVE
CVE
added 2025/09/04 4:49 a.m.23 views

CVE-2025-36891

CVE-2025-36891 is an Elevation of Privilege affecting the Pixel WLAN subsystem (Android). The Pixel Update Bulletin classifies it as WLAN-related EoP with High severity and CVSSv3.1: 8.8 (Network attack vector, low attack complexity, low privileges required, no user interaction, scopes unchanged;...

8.8CVSS6.7AI score0.00204EPSS
CVE
CVE
added 2025/09/04 4:50 a.m.23 views

CVE-2025-36892

CVE-2025-36892 is a Denial of Service vulnerability documented across multiple feeds, with confirmed impact on Google Pixel WLAN components. The NVD/Red Hat/NVD entries describe DoS as the issue’s outcome, rated CVSSv3.1 base score 7.5 (Network, Low attack complexity, No privileges, No user inter...

7.5CVSS6.4AI score0.00176EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.23 views

CVE-2025-48588

Technical details about CVE-2025-48588 are not publicly provided in the supplied documents. Monitor for updates from Android and vendor advisories to obtain affected products, root cause specifics, impact, and fixes.

7.8CVSS6.5AI score0.00084EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.23 views

CVE-2025-48600

CVE-2025-48600 is described across connected sources as an information-disclosure issue caused by a missing permission check that could reveal data across users with local access (no user interaction). The public references point to Android security bulletins and related Android source changes, s...

5.5CVSS5AI score0.001EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.23 views

CVE-2025-48605

CVE-2025-48605 concerns Android’s KeyguardViewMediator.java, where a logic error in multiple functions enables a potential lockscreen bypass. The vulnerability allows local escalation of privilege without extra execution privileges and without user interaction, as described in multiple sources (N...

8.4CVSS6.1AI score0.0011EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.23 views

CVE-2025-48607

Technical details about CVE-2025-48607 are not publicly available in the provided documents. Sources reiterate a local DoS due to a logic error but do not specify affected products/versions or remediation. Monitor for updates.

5.5CVSS5.7AI score0.00075EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.23 views

CVE-2025-48641

CVE-2025-48641 describes a use-after-free in multiple functions of Nfc.h caused by a race condition, enabling local elevation of privilege with no extra execution privileges and without user interaction. The issue is documented across multiple feeds (NVD, Red Hat, RH/CVE, OSV) and is referenced i...

7CVSS6.1AI score0.00069EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.23 views

CVE-2026-0008

CVE-2026-0008 describes a local privilege escalation due to a confused deputy in multiple locations. Exploitation requires no user interaction and can lead to total privilege gain. Connected sources reference Android/Samsung updates; NCSC notes that Google fixed vulnerabilities in Android (14–16)...

8.4CVSS6.1AI score0.00069EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.23 views

CVE-2026-0011

CVE-2026-0011 is described across multiple sources as a logic error in enableSystemPackageLPw() within Settings.java that can prevent location access from functioning, enabling local privilege elevation without requiring additional execution privileges and without user interaction. This vulnerabi...

8.4CVSS6.1AI score0.00112EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.23 views

CVE-2026-0038

CVE-2026-0038 describes a logic error in mem_protect.c across multiple functions that could allow arbitrary code execution, leading to local privilege escalation with no additional privileges and without user interaction. The available sources consistently reference mem_protect.c but do not provi...

8.4CVSS6.4AI score0.00233EPSS
CVE
CVE
added 2026/06/17 7:9 a.m.23 views

CVE-2026-0071

Summary: CVE-2026-0071 affects SettingsLib where a logic error may skip a permission check, enabling local escalation of privilege with no additional privileges or user interaction required. The vulnerability is described across NVD, ENISA EUVD, CVE records, and PT/security bulletins, all citing ...

10CVSS5.6AI score0.00155EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.23 views

CVE-2026-0095

The provided CVE-2026-0095 entries describe a vulnerability in the Bluetooth stack, specifically in the function l2c_fcr_clone_buf in l2c_fcr.cc. The issue is an integer overflow that can trigger controlled heap corruption within the privileged Bluetooth process, leading to local escalation of pr...

8CVSS6AI score0.00107EPSS
CVE
CVE
added 2026/03/10 8:46 p.m.23 views

CVE-2026-0120

CVE-2026-0120 affects the modem (baseband) and is caused by an incorrect bounds check leading to an out-of-bounds write. This could enable remote code execution without privileges and without user interaction. Public details across sources confirm the issue and its critical impact, but do not pro...

9.8CVSS6.3AI score0.00306EPSS
CVE
CVE
added 2026/03/02 6:41 p.m.22 views

CVE-2024-43766

CVE-2024-43766 describes an information-disclosure vulnerability in the Android Bluetooth stack caused by invalid error handling in multiple functions of a file named btm_ble_sec.cc . The issue could enable remote information disclosure to a proximal/adjacent attacker with no additional execution...

6.5CVSS6.1AI score0.00067EPSS
CVE
CVE
added 2025/09/05 4:10 p.m.22 views

CVE-2025-32316

CVE-2025-32316 affects the Android graphics allocator: in gralloc4, a missing bounds check allows an out-of-bounds write, leading to local information disclosure without requiring user interaction or extra privileges. The NVD/Red Hat CNVD entries confirm the same issue; the Android 16 bulletin in...

5.5CVSS5AI score0.00074EPSS
CVE
CVE
added 2025/09/05 4:10 p.m.22 views

CVE-2025-32317

CVE-2025-32317 affects the Android App Widget, where a confused deputy leads to a local information disclosure without extra privileges or user interaction. The issue is categorized as Information Disclosure (CVE type) with a CVSSv3.1 base score of 5.5 (Medium) and a Local attack vector with Conf...

5.5CVSS4.8AI score0.0007EPSS
CVE
CVE
added 2025/09/04 4:56 a.m.22 views

CVE-2025-36900

CVE-2025-36900 refers to an out-of-bounds write caused by an integer overflow in the function lwis_test_register_io within lwis_device_test.c. The impact described across multiple sources is local elevation of privilege requiring system execution privileges, with no user interaction needed. Affec...

6.7CVSS6.3AI score0.00079EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.22 views

CVE-2025-48576

CVE-2025-48576 affects Android’s framework component NotificationManagerService.java, specifically the function updateNotificationChannelGroupFromPrivilegedListener. The issue is a possible permanent denial of service caused by resource exhaustion, leading to local DoS with no additional executio...

5.5CVSS5.7AI score0.00079EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.22 views

CVE-2025-48577

CVE-2025-48577 affects KeyguardViewMediator.java in Android, describing a race-condition that could allow a lockscreen bypass and local elevation of privilege without user interaction. Connected sources (NVD/RH/CNVD) corroborate the lockscreen bypass and local-privilege impact (I/H, C/H/A/H in CV...

7.4CVSS6.1AI score0.00076EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.22 views

CVE-2025-48578

CVE-2025-48578 is described across multiple sources as an elevation-of-privilege issue in Android’s MediaProvider.java, where a missing permission check could allow bypassing WRITE_EXTERNAL_STORAGE. The documented impact is local privilege escalation with no extra execution privileges required, a...

7.8CVSS6.1AI score0.00099EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.22 views

CVE-2025-48582

CVE-2025-48582 describes a local elevation-of-privilege in Android where media files can be deleted without MANAGE_EXTERNAL_STORAGE due to an intent redirect. The issue affects media-related components (MediaProvider/Media codecs) and can be exploited with local access and no user interaction. Th...

8.4CVSS6.1AI score0.00108EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.22 views

CVE-2025-48585

CVE-2025-48585 concerns multiple functions in ProfilingService.java, where improper input validation can cause a persistent local denial of service. The issue is described as a local impact with no privileges and no user interaction required for exploitation. The available sources (NVD, Red Hat, ...

6.2CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.22 views

CVE-2025-48616

CVE-2025-48616 affects a component in KeyguardViewMediator.java, enabling a bypass of lockdown mode via screen pinning due to a logic error. This can lead to local information disclosure without requiring exploitation privileges or user interaction. Document does not specify affected product vers...

3.3CVSS5.9AI score0.00072EPSS
CVE
CVE
added 2026/03/09 9:2 a.m.22 views

CVE-2025-61614

CVE-2025-61614 affects the nr modem. The issue is a system crash caused by improper input validation, leading to remote denial of service with no privileges required. CVSS 3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) yields a base score of 7.5 (HIGH). Exploitation details are not provided in the doc...

7.5CVSS5.9AI score0.00312EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.22 views

CVE-2026-0043

CVE-2026-0043 affects code paths in ubsan_throwing_runtime.cpp where an integer overflow can cause a persistent denial of service and local escalation of privilege without user interaction. The connected sources (NVD/NVD OSV/ENISA EUVD and related enrichments) consistently describe this flaw as a...

5.5CVSS6AI score0.00074EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.22 views

CVE-2026-0044

CVE-2026-0044 affects the UBSan throwing runtime implementation (ubsan_throwing_runtime.cpp) across multiple functions. The vulnerability is caused by an integer overflow, which can crash the system and result in a remote denial of service. Exploitation requires network access with low attack com...

6.5CVSS6AI score0.00253EPSS
Total number of security vulnerabilities8153