Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2026/06/17 7:24 a.m.22 views

CVE-2026-0063

CVE-2026-0063 affects the Android framework component PhoneInterfaceManager.java, where a logic error in setAllowedCarriers could disable carrier restrictions, enabling local privilege escalation with no additional privileges and no user interaction required. The issue is cataloged as an Elevatio...

10CVSS5.6AI score0.00155EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.22 views

CVE-2026-0152

CVE-2026-0152 affects the OSMMapPMRGeneric path in pmr_os.c. A logic error may allow abusing a system-call sequence to expand the VMA out of bounds, enabling local privilege escalation with no extra privileges or user interaction required. Documented impact is high for confidentiality, integrity,...

7.8CVSS5.6AI score0.00071EPSS
CVE
CVE
added 2026/02/02 8:15 a.m.22 views

CVE-2026-20411

CVE-2026-20411 affects the cameraisp component, with a use-after-free condition that enables escalation of privileges and could cause local denial of service when the attacker already has System privileges. Exploitation is reported as not requiring user interaction. The vulnerability is accompani...

7.8CVSS5.4AI score0.00096EPSS
CVE
CVE
added 2025/08/04 1:49 a.m.21 views

CVE-2025-20698

CVE-2025-20698 affects Power HAL and describes an out-of-bounds write caused by a missing bounds check. The impact is local escalation of privilege to System level without user interaction. The vulnerability details indicate the presence of a patch (ALPS09915400) and a tracked Issue ID (MSV-3793)...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.21 views

CVE-2025-32348

CVE-2025-32348 affects Android devices. The underlying issue is a missing permission check in multiple locations that can allow a background activity to be launched, enabling local elevation of privilege without additional execution privileges, and no user interaction is required to exploit. The ...

7.8CVSS5.9AI score0.00072EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.21 views

CVE-2025-36889

CVE-2025-36889 is a local information-disclosure vulnerability affecting Google Pixel devices in the Camera2 path. The issue arises in onCreateTasks of CameraActivity.java where a permission bypass due to a confused deputy could allow information disclosure without requiring additional execution ...

5.5CVSS5.2AI score0.00064EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.21 views

CVE-2025-36928

CVE-2025-36928 : The issue is a potential out-of-bounds write in GetHostAddress of gxp_buffer.h caused by an incorrect bounds check. This can enable local escalation of privilege with no extra execution privileges required and no user interaction needed. Affected reports appear in multiple feeds ...

7.8CVSS6.5AI score0.00087EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.21 views

CVE-2025-36930

CVE-2025-36930 involves a potential out-of-bounds write in GetHostAddress of gxp_buffer.h, caused by a missing bounds check. This can lead to local elevation of privilege with no extra execution privileges or user interaction required. Multiple feeds (NVD, Red Hat, ENISA, CVE lists, and Android P...

7.8CVSS6.4AI score0.00087EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.21 views

CVE-2025-48555

The CVE-2025-48555 entry concerns a vulnerability in the Android code path involving NotificationStation.java, where cross-profile information disclosure can occur due to a confused deputy. The impact is local privilege escalation without requiring additional execution privileges or user interact...

7.8CVSS5.8AI score0.00078EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.21 views

CVE-2025-48583

CVE-2025-48583 involves a logic error in BaseBundle.java across multiple Android components, enabling potential arbitrary code execution and local privilege escalation without user interaction. The issue is described consistently across NVD/Red Hat/OSV and related sources as an Elevation of Privi...

7.8CVSS7.4AI score0.00084EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.21 views

CVE-2025-48599

The CVE-2025-48599 entry concerns the WifiScanModeActivity.java code path, where a missing permission check could allow local escalation of privilege. Multiple connected sources (Red Hat CVE page, ENISA EUVD entry, CNNVD, NVD, and OSV/CVE lists) describe the issue as a local privilege elevation w...

7.8CVSS6.4AI score0.00075EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.21 views

CVE-2025-48609

CVE-2025-48609 involves a path traversal issue in MmsProvider.java across Google Android components that can allow arbitrary file deletion and impact telephony, SMS, and MMS features. The vulnerability can cause a local denial of service without extra privileges or user interaction, as reported b...

9.1CVSS6.1AI score0.00263EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.21 views

CVE-2025-48615

Technical details (affected product/version, root cause, exploitability, impact, patch) for CVE-2025-48615 are not publicly provided in the supplied documents. The CVE is referenced in patch previews but no specifics are available here.

7.8CVSS6.5AI score0.00098EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.21 views

CVE-2025-48620

CVE-2025-48620 affects Android's VoiceInteractionManagerService.java (onSomePackagesChanged). Description indicates a logic error could allow a third-party component name to persist after uninstall, enabling local privilege escalation with no extra privileges and no user interaction required. Con...

7.8CVSS6.5AI score0.00087EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.21 views

CVE-2025-48635

CVE-2025-48635 affects Google Android, with a logic error in multiple paths of TaskFragmentOrganizerController.java that leaks an activity token. The vulnerability can enable local elevation of privilege without additional execution privileges and without user interaction. The issue is described ...

7.7CVSS6.1AI score0.00102EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.21 views

CVE-2025-48644

CVE-2025-48644 is described across multiple sources as a DoS issue caused by improper input validation in various locations, enabling a local denial-of-service with no user interaction or additional privileges required. The linked documents consistently frame the impact as a persistent DoS affect...

5.5CVSS6.1AI score0.00087EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.21 views

CVE-2025-48653

CVE-2025-48653 affects Google Android, with a logic error in loadDataAndPostValue across multiple files that may obscure permission usage and enable local privilege escalation without extra privileges or user interaction. Affects Android components as described in multiple feeds; CVSS vectors ind...

8.4CVSS6.1AI score0.00098EPSS
CVE
CVE
added 2025/12/01 7:36 a.m.21 views

CVE-2025-61610

CVE-2025-61610 affects UNISOC nr modem. The issue is improper input validation in the modem’s processing, which can cause a system crash and remote denial of service without extra privileges. CVSS v3.1 vector indicates network attack, low attack complexity, no user interaction, and availability i...

7.5CVSS6.3AI score0.00232EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.21 views

CVE-2026-0013

CVE-2026-0013 affects the DocumentsUI path in Android (Documents UI, DocumentsUI/Picker flow via PickActivity.setupLayout). The vulnerability allows a confused deputy to start any activity from within a DocumentsUI app, enabling local privilege elevation without extra execution privileges or user...

8.4CVSS6.1AI score0.00091EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.21 views

CVE-2026-0021

CVE-2026-0021 describes a cross-user permission bypass in AppInfoBase.java (hasInteractAcrossUsersFullPermission). The flaw enables local escalation of privilege with no extra execution privileges required and no user interaction needed to exploit. Android ecosystem sources (NVD/NCSC/CIRCL/CVELIS...

8.4CVSS6.1AI score0.00098EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.21 views

CVE-2026-0032

CVE-2026-0032 describes a possible out-of-bounds write in multiple functions of the mem_protect.c file, caused by a logic error, enabling local escalation of privilege with no additional execution privileges and without user interaction. The affected component appears to be kernel/media-related c...

7.8CVSS6.1AI score0.00093EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.21 views

CVE-2026-0075

The CVE-2026-0075 entry describes a SQL injection that could permit access to the contacts database, enabling local escalation of privilege with no additional privileges required and no user interaction needed. Connected documents (including RH/CVE, EUVD, NVD, CNNVD, and others) reiterate the sam...

7.8CVSS6AI score0.00094EPSS
CVE
CVE
added 2025/11/04 6:19 a.m.20 views

CVE-2025-20730

CVE-2025-20730 concerns MediaTek’s MediaTek ALPS preloader with an insecure default value that can enable local elevation of privilege. The vulnerability allows a scenario where a user with System privileges could escalate further without user interaction. The CVE is documented across multiple fe...

6.7CVSS6.3AI score0.00073EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.20 views

CVE-2025-36923

CVE-2025-36923 affects the NrmmDecoder::DecodeSORTransparentContext function in cn_NrmmDecoder.cpp, where a heap buffer overflow can cause an out-of-bounds write. This could enable remote (proximal/adjacent) escalation of privilege with no user interaction required. Exploitation details, affected...

8CVSS7.4AI score0.00111EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.20 views

CVE-2025-36927

CVE-2025-36927 concerns a potential out-of-bounds write in GetTachyonCommand within tachyon_server_common.h. The issue arises from a missing bounds check, enabling local escalation of privilege without additional execution privileges or user interaction, as described across multiple connected rec...

7.8CVSS6.4AI score0.00087EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.20 views

CVE-2025-36935

CVE-2025-36935 involves a memory corruption flaw in the function trusty_ffa_mem_reclaim inside shared-mem-smcall.c. The issue arises from uninitialized data and can enable local escalation of privilege without requiring extra execution privileges. Exploitation reportedly does not require user int...

7.8CVSS6.6AI score0.00071EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.20 views

CVE-2025-48538

CVE-2025-48538 affects the Android Framework, specifically the PackageManagerService.setApplicationHiddenSettingAsUser function. The root cause is improper input validation when hiding system-critical packages, which can allow local denial of service without requiring exploits or user interaction...

5.5CVSS5.7AI score0.00079EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.20 views

CVE-2025-48564

CVE-2025-48564 affects Android Framework components and is caused by a race-condition that enables an attacker to bypass intent filters, leading to local escalation of privilege with no extra execution privileges or user interaction required. Multiple connected sources describe this as a local Eo...

7CVSS6.4AI score0.00073EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.20 views

CVE-2025-48580

Technical details about CVE-2025-48580 are not publicly provided in the supplied documents. Monitor for updates from Android bulletin and vendor advisories for complete root-cause, affected products, and fixes.

7.8CVSS6.4AI score0.00115EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.20 views

CVE-2025-48592

CVE-2025-48592 describes a vulnerability in the C2SoftDav1dDec.cpp decoder where in initDecoder there is an out-of-bounds read caused by a heap buffer overflow. This can lead to remote information disclosure without extra privileges or user interaction. The available connected sources (Red Hat, E...

7.5CVSS6.1AI score0.00316EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.20 views

CVE-2025-48610

CVE-2025-48610 stems from a logic error in mem_protect.c __pkvm_guest_relinquish_to_host, enabling a local information disclosure without required privileges or user interaction. Affected component: Android/Linux kernel KVM (pkvm) code path. Impact: potential leakage of configuration data. Exploi...

5.5CVSS5.2AI score0.00084EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.20 views

CVE-2025-48619

CVE-2025-48619 affects Android’s ContentProvider.java (ContentProvider) where a logic error can let an app with read-only access truncate files, causing local elevation of privilege without extra privileges or user interaction. Public sources (NVD/NVDCNVD) describe the issue and note Android secu...

8.4CVSS6.1AI score0.001EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.20 views

CVE-2025-48627

CVE-2025-48627 affects the Android Framework, specifically the startNextMatchingActivity path in ActivityTaskManagerService.java. The issue is a logic error that can allow launching an activity from the background, resulting in local escalation of privilege without additional execution privileges...

7.8CVSS6.5AI score0.00079EPSS
CVE
CVE
added 2026/06/17 5:53 a.m.20 views

CVE-2025-48640

CVE-2025-48640 is described across multiple connected sources as a remote elevation of privilege in Android components caused by a missing permission check during 3rd‑party passkey entry pairing approval. The impact is high (CVE notes adjacent/remote escalation with no user interaction) with a lo...

8CVSS5.7AI score0.00094EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.20 views

CVE-2026-0018

The CVE-2026-0018 issue affects AccessibilityManagerService.java and represents a local DoS caused by improper input validation across multiple functions. The impact is a persistent Denial of Service requiring no user interaction, with an attacker likely able to trigger it locally. The CVSS 3.1 v...

5.5CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.20 views

CVE-2026-0060

Technical details about CVE-2026-0060 are not publicly available in the provided documents. No affected products, vectors, or mitigations are specified here. Monitor for updates as new information becomes available.

5.5CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.20 views

CVE-2026-0088

The CVE-2026-0088 affects Android’s CertInstaller.getCallingAppLabel, where a misleading or insufficient UI could allow hiding a sensitive security dialogue. This enables local privilege escalation with no extra privileges and no user interaction required for exploitation, as described across NVD...

7.8CVSS5.9AI score0.00079EPSS
CVE
CVE
added 2026/03/10 8:46 p.m.20 views

CVE-2026-0124

CVE-2026-0124 is described in connected sources as an out-of-bounds write due to a missing bounds check that enables local Elevation of Privilege without user interaction. In the Pixel security bulletin, it is listed under Pixel vulnerabilities as a Bootloader issue (EoP, Critical). The Red Hat a...

10CVSS5.9AI score0.00136EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.20 views

CVE-2026-0161

CVE-2026-0161 affects Google Android (Pixel bulletin context) with an out-of-bounds write in RtpSession.cpp due to an integer overflow in numberOfReportBlocks, enabling remote privilege escalation without user interaction. Connected sources (Android Pixel bulletin) flag this as an Elevation of Pr...

8.8CVSS5.8AI score0.00231EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.20 views

CVE-2026-28581

Technical details for CVE-2026-28581 are not publicly available in the provided documents; monitor for updates.

4CVSS5.9AI score0.00074EPSS
CVE
CVE
added 2025/08/04 1:49 a.m.19 views

CVE-2025-20697

CVE-2025-20697 : In Power HAL (MediaTek), an out-of-bounds write caused by a missing bounds check could enable local escalation of privilege if the attacker already has System privileges. Exploitation requires no user interaction. A patch is available: ALPS09915681 (MSV-3795). Multiple feeds corr...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2025/09/01 5:12 a.m.19 views

CVE-2025-20705

CVE-2025-20705 concerns a memory corruption issue (use-after-free) in the MediaTek Modem’s monitor_hang path that could enable local privilege escalation if an attacker already has System privileges. Exploitation is described as not requiring user interaction. The vulnerability is tied to a patch...

7.8CVSS6.3AI score0.00089EPSS
CVE
CVE
added 2025/10/14 9:11 a.m.19 views

CVE-2025-20721

Inimgsensor, there is a confirmed out-of-bounds write due to a missing bounds check that can enable local escalation of privilege when System privileges are present. No user interaction is required. The issue is tracked with Patch ID ALPS10089545 and Issue ID MSV-4279. Affected component is imgse...

7.8CVSS6.3AI score0.00089EPSS
CVE
CVE
added 2025/11/04 6:20 a.m.19 views

CVE-2025-20746

The CVE-2025-20746 entry concerns GNSS service software (as referenced across multiple sources) with an out-of-bounds write caused by an incorrect bounds check. This condition can enable local privilege escalation to System if already present, with no user interaction required. The vulnerability ...

6.7CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2025/12/02 2:34 a.m.19 views

CVE-2025-20768

CVE-2025-20768: A memory bounds-checking fault causes an out-of-bounds read, enabling local privilege escalation if an attacker already has SYSTEM privileges. No user interaction required. Patch ALPS10196993 (MSV-4805) is available; impact is described with HIGH confidentiality/integrity/availabi...

7.8CVSS6.2AI score0.00077EPSS
CVE
CVE
added 2026/01/06 1:47 a.m.19 views

CVE-2025-20785

CVE-2025-20785 affects MediaTek chipsets (display component). The issue is a memory corruption via a use-after-free in display paths, leading to local privilege escalation if an attacker already has System privileges. Exploitation details or in-the-wild status are not provided in the documents. A...

6.7CVSS6.5AI score0.00072EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.19 views

CVE-2025-20795

CVE-2025-20795 describes an out-of-bounds write in the KeyInstall component caused by a missing bounds check, enabling local escalation to System privileges. Exploitation does not require user interaction per the description. Public records reference a patch: ALPS10276761 (MSV-5141). The CVSS met...

7.8CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2025/08/06 4:23 a.m.19 views

CVE-2025-21024

Samsung Smart View before Android 16 is affected by CVE-2025-21024 due to the use of implicit intents for sensitive communication, enabling local attackers to access sensitive information through the affected component. The issue is described across multiple sources as a vulnerability in Smart Vi...

5.5CVSS6.2AI score0.00076EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.19 views

CVE-2025-22426

CVE-2025-22426 involves a logic error in ComputerEngine.java that can allow cross-user access to URIs, enabling local privilege escalation without user interaction. Exploitation details and affected product/version specifics are not provided in the documents; remediation/patch details are not exp...

7.8CVSS5.9AI score0.00084EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.19 views

CVE-2025-36922

CVE-2025-36922 is a kernel-side issue in bigo_map() within bigo_iommu.c that enables information disclosure via a use-after-free, enabling local privilege escalation with SYSTEM-level execution privileges. Exploitation is not user-initiated. Affected platform details in public postings point to P...

6.7CVSS5.7AI score0.00072EPSS
Total number of security vulnerabilities8153