Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/12/08 4:57 p.m.19 views

CVE-2025-48575

Technical details (affected product, versions, root cause, fix) are not publicly provided in the supplied documents. Monitor updates from Android security bulletins and vendor advisories for concrete remediation guidance.

7.8CVSS6.5AI score0.00062EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.19 views

CVE-2025-48601

Technical details (affected products, exact root cause, and fixes) are not publicly disclosed in the provided documents. Monitor for updates from the listed sources.

5.5CVSS6.3AI score0.00074EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.19 views

CVE-2025-48612

CVE-2025-48612 affects Android work-profile contexts where an app can alter the main user's NFC payment default due to improper input validation at multiple locations. The root cause is input validation issues that enable a local escalation of privilege without additional execution privileges or ...

7.8CVSS5.9AI score0.00098EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.19 views

CVE-2025-48618

CVE-2025-48618 is an Android framework elevation-of-privilege vulnerability. In CommandParamsFactory.java, processLaunchBrowser could allow a browser interaction from the lockscreen due to improper locking, enabling physical escalation of privilege without user interaction. Impact is described as...

6.8CVSS6.5AI score0.00118EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.19 views

CVE-2025-48622

CVE-2025-48622 affects the Android/OpenCV-related code path in the dng_misc_opcodes.cpp file, within the ProcessArea, where a buffer overflow can cause an out-of-bounds read. This leads to local information disclosure without requiring user interaction or elevated privileges. The available connec...

5.5CVSS5.5AI score0.00092EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.19 views

CVE-2025-48642

The CVE-2025-48642 issue is described as a logic error in the Android payload.rs file’s jump_to_payload function that enables local information disclosure without requiring user interaction. Documented impact is information disclosure with local access; confidentiality is affected while no integr...

5.5CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2025/12/01 7:36 a.m.19 views

CVE-2025-61609

CVE-2025-61609 affects Unisoc modem components. The connected documents describe a vulnerability caused by improper input validation in the modem, which can cause a system crash and remote denial of service without requiring privileges. The impact is a DoS condition via network access, with no ex...

7.5CVSS6.3AI score0.00232EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.19 views

CVE-2026-0039

CVE-2026-0039 describes a persistent DoS via an integer overflow in multiple functions of ubsan_throwing_runtime.cpp. Affected: GrapheneOS (prior to 2026030200) and likely other components cited in NVD/NVD-derived feeds. Exploitation would be remote, with no user interaction required, and could i...

6.5CVSS6AI score0.00253EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.19 views

CVE-2026-0146

CVE-2026-0146 affects the Exynos MFC component referenced in Pixel security bulletins. The issue is a possible out-of-bounds write in mfc_core_get_dec_metadata_sei_nal (within mfc_core_reg_api.c) caused by a missing bounds check, which could allow remote code execution with no privileges and no u...

8.8CVSS6.2AI score0.00277EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.19 views

CVE-2026-0156

CVE-2026-0156 describes a memory safety issue in checkSsrcCollisionOnRcv of RtpSession.cpp caused by a missing null check. This could allow remote denial of service without additional execution privileges, and exploitation does not require user interaction. The information appears consistently in...

7.5CVSS5.7AI score0.00211EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.19 views

CVE-2026-0157

Summary of findings (CVE-2026-0157): The available documents consistently describe an out-of-bounds read in RtcpHeader::decodeRtcpHeader, caused by a missing bounds check. This leads to remote information disclosure without requiring user interaction; exploitation can occur over the network. The ...

4.3CVSS5.7AI score0.00169EPSS
CVE
CVE
added 2026/02/02 8:15 a.m.19 views

CVE-2026-20415

CVE-2026-20415 affects imgsys with memory corruption due to improper locking. The issue can lead to a local denial of service if an attacker already has System privileges; exploitation requires no user interaction. The publicly cited information does not specify exploit vectors beyond the local a...

5.5CVSS5.4AI score0.00053EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.18 views

CVE-2025-20779

Summary: CVE-2025-20779 describes a use-after-free vulnerability in display handling caused by a race condition, leading to local escalation of privilege if an attacker already has System privileges. The issue is exploitable without user interaction and is categorized with a local attack vector. ...

7CVSS6.3AI score0.00074EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.18 views

CVE-2025-20780

CVE-2025-20780 describes a memory corruption use-after-free in display code that can enable local privilege escalation for an attacker already with System privileges; exploitation does not require user interaction. Affected entity is MediaTek chipsets’ display subsystem (root cause: use-after-fre...

7.8CVSS6.5AI score0.00082EPSS
CVE
CVE
added 2026/01/06 1:47 a.m.18 views

CVE-2025-20784

CVE-2025-20784 affects MediaTek chipsets in the display component, where a memory corruption due to uninitialized data could allow local escalation to System privileges. Exploitation does not require user interaction. The issue is mitigated by patch ALPS10182882 (MSV-4683). The available connecte...

6.7CVSS6.5AI score0.00072EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.18 views

CVE-2025-20797

CVE-2025-20797 describes an out-of-bounds write in the battery component due to a missing bounds check. The issue can enable local privilege escalation to System level without user interaction. Affected context across multiple advisories/feeds references the same root cause and patch: ALPS1031581...

7.8CVSS6.3AI score0.00079EPSS
CVE
CVE
added 2025/12/08 4:56 p.m.18 views

CVE-2025-32319

CVE-2025-32319 affects the Android Framework, specifically the ensureBound path in RemotePrintService.java. The issue permits a background app to bypass foreground permissions, enabling local elevation of privilege with user-execution privileges required yet no user interaction needed for exploit...

6.7CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2026/03/10 7:33 p.m.18 views

CVE-2025-48611

Summary of CVE-2025-48611 : The vulnerability is in the DeviceId.java code path (DeviceId class) where a missing bounds check can cause a desync in persistence, enabling local elevation of privilege without extra execution privileges or user interaction. This is consistently described across mult...

10CVSS5.9AI score0.00193EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.18 views

CVE-2025-48632

In setDisplayName of AssociationRequest.java, there is a potential vulnerability where CDM associations can persist after user disassociation due to improper input validation. This could enable local privilege escalation with no additional privileges and without user interaction. The CVE-2025-486...

7.8CVSS6.5AI score0.00075EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.18 views

CVE-2025-48634

The CVE-2025-48634 entry involves Android’s WindowManagerService relayoutWindow where a missing permission check enables a local elevation-of-privilege (EoP) attack. The vulnerability can be exploited with no user interaction and does not require additional execution privileges. Connected documen...

8.4CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.18 views

CVE-2025-48637

CVE-2025-48637 affects the Android/Linux kernel code path mem_protect.c, where an integer overflow can cause an out-of-bounds write. This leads to local escalation of privilege with no additional execution privileges required and no user interaction needed. Multiple connected sources (Red Hat CVE...

7.8CVSS6.6AI score0.00096EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.18 views

CVE-2025-48638

CVE-2025-48638 affects Google Android’s pKVM (protected Kernel-based Virtual Machine) in the kernel, specifically in __pkvm_load_tracing within trace.c. The flaw is an out-of-bounds write caused by improper input validation, enabling local escalation of privilege with no additional execution priv...

7.8CVSS6.7AI score0.00096EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.18 views

CVE-2026-0136

CVE-2026-0136 affects the Modem component, where a missing bounds check allows an out-of-bounds read. This can lead to remote denial of service without user interaction and with no additional execution privileges required. Public references consistently describe it as a DoS condition impacting Mo...

6.5CVSS5.7AI score0.00253EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.18 views

CVE-2026-0149

CVE-2026-0149 describes a heap-based OOB write in RtpSession::rtpSendRtcpPacket that can lead to remote code execution with no extra privileges or user interaction. Affected component mentioned in Android Pixel bulletin is libpixelimsmedia. Connected sources (NVD/OSV) corroborate the same vulnera...

8.8CVSS6.6AI score0.00285EPSS
CVE
CVE
added 2026/03/02 8:38 a.m.18 views

CVE-2026-20425

CVE-2026-20425 describes a local escalation-of-privilege due to a missing bounds check that allows an out-of-bounds write in display logic. Exploitation requires no user interaction and would grant System-level privileges to a sufficiently privileged attacker. The reports consistently cite the sa...

6.7CVSS5.9AI score0.00077EPSS
CVE
CVE
added 2026/03/02 8:39 a.m.18 views

CVE-2026-20426

CVE-2026-20426 describes a local privilege escalation via an out-of-bounds write caused by a missing bounds check in display handling. The vulnerability could allow a user with System privileges to escalate, with exploitation not requiring user interaction (local access). A patch is available: AL...

6.7CVSS5.9AI score0.00077EPSS
CVE
CVE
added 2026/03/02 8:39 a.m.18 views

CVE-2026-20429

CVE-2026-20429 describes a local out-of-bounds read caused by a missing bounds check in the display path, potentially enabling local information disclosure when an attacker already has System privileges. All sources (NVD/Red Hat/OSV, etc.) consistently state: no user interaction is required and t...

4.4CVSS5.9AI score0.00073EPSS
CVE
CVE
added 2026/06/17 7:19 a.m.18 views

CVE-2026-28576

In Android, the Contacts Provider is affected by CVE-2026-28576, caused by a SQL injection in the contacts database access path. This allows local information disclosure without extra execution privileges and without user interaction. The issue is described across CVE entries and ENISA/Android re...

10CVSS6AI score0.00148EPSS
CVE
CVE
added 2025/12/01 7:35 a.m.17 views

CVE-2025-11131

The CVE-2025-11131 issue resides in the UNISOC nr modem. The root cause is improper input validation in the modem path, which can cause a system crash and allow remote denial of service without extra privileges. The vulnerability is network-exploitable and does not require user interaction. Publi...

7.5CVSS6.3AI score0.00232EPSS
CVE
CVE
added 2025/12/01 7:35 a.m.17 views

CVE-2025-11132

CVE-2025-11132 affects the Unisoc nr modem. The issue is a flaw from improper input validation in the modem stack, which can cause a system crash and remote denial of service without requiring privileges. In the available connected documents, concrete exploit details for this CVE are not provided...

7.5CVSS6.3AI score0.00232EPSS
CVE
CVE
added 2025/09/01 5:12 a.m.17 views

CVE-2025-20706

CVE-2025-20706 affects the mbrain component, where a use-after-free memory corruption issue could enable local privilege escalation if an attacker has System privileges. The vulnerability requires no user interaction. A patch is referenced (ALPS09924624; MSV-3826). Connected sources confirm the i...

7.8CVSS6.3AI score0.00089EPSS
CVE
CVE
added 2025/11/04 6:20 a.m.17 views

CVE-2025-20747

CVE-2025-20747 describes an out-of-bounds write in the gnss service caused by an incorrect bounds check. The issue could allow a local attacker with System privileges to escalate privileges, with no user interaction required. A patch is available (Patch ID: ALPS10010443; MSV-3966). Documented ref...

6.7CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2025/12/02 2:34 a.m.17 views

CVE-2025-20766

Summary: CVE-2025-20766 refers to a memory corruption issue caused by improper input validation in MediaTek chipsets. The vulnerability could enable local escalation of privilege to SYSTEM without user interaction, as indicated by a high-severity CVSS v3.1 base score (7.8) with LOCAL attack vecto...

7.8CVSS6.5AI score0.00072EPSS
CVE
CVE
added 2025/12/02 2:34 a.m.17 views

CVE-2025-20767

CVE-2025-20767 affects MediaTek chipsets. The issue is an out-of-bounds write caused by an integer overflow in display handling, enabling local escalation of privilege if the attacker already has System-level privileges. Exploitation details are not provided in the documents; no user interaction ...

7.8CVSS6.4AI score0.00072EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.17 views

CVE-2025-20802

In geniezone, a memory corruption vulnerability exists due to a use-after-free condition that could lead to local elevation of privilege if an attacker already has System privileges. No user interaction is required. A patch is available: ALPS10238968 (MSV-4914). This CVE references multiple sourc...

6.7CVSS6.5AI score0.00071EPSS
CVE
CVE
added 2025/12/08 4:56 p.m.17 views

CVE-2025-22420

CVE-2025-22420 is a local elevation-of-privilege vulnerability in the Android Framework that could allow leaking audio files across user profiles due to a confused deputy. Exploitation is described as requiring no user interaction and being locally executable. The Android security bulletin and Re...

7.8CVSS6.4AI score0.00074EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.17 views

CVE-2025-36916

CVE-2025-36916 affects code path in PrepareWorkloadBuffers of gxp_main_actor.cc, where a race condition can cause a double fetch. This permits local escalation of privilege with no extra execution privileges and no user interaction needed; exploitation is local. Connected documents corroborate th...

7CVSS6.4AI score0.00054EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.17 views

CVE-2025-36918

CVE-2025-36918 describes an out-of-bounds read in the function aoc_service_read_message within aoc_ipc_core.c , leading to a possible local escalation of privilege with System privileges required. The prerequisite is local access; no user interaction is needed. Connected sources consistently refe...

7.8CVSS6.3AI score0.00095EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.17 views

CVE-2025-36921

CVE-2025-36921 affects Google Pixel devices via ProtocolPsUnthrottleApn() in protocolpsadapter.cpp, where a missing bounds check enables an out-of-bounds read that can lead to local information disclosure and requires baseband firmware compromise. The exploitation is reported as possible without ...

5.5CVSS5AI score0.00067EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.17 views

CVE-2025-36931

CVE-2025-36931: Out-of-bounds write in GetHostAddress of gxp_buffer.h allows local privilege escalation without user interaction. Documented in multiple sources (e.g., Android Pixel bulletin) as a local issue related to Pixel devices; patch guidance indicates updating to the December 2025 patch l...

7.8CVSS6.4AI score0.00071EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.17 views

CVE-2025-48594

Technical details for CVE-2025-48594 are not publicly available in the provided documents. No specifics on affected products, versions, root cause, or fixes are disclosed here. Monitor for updates from connected sources.

7.8CVSS6.5AI score0.00081EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.17 views

CVE-2025-48603

Technical details are not publicly available in the provided documents for CVE-2025-48603; monitor for updates as more data may be published by vendors and trackers.

5.5CVSS5.7AI score0.00079EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.17 views

CVE-2025-48604

Technical details for CVE-2025-48604 are not publicly provided in the connected documents. Monitoring for updates is advised as more specifics (affected products, versions, and fixes) may be released.

5.5CVSS5AI score0.00077EPSS
CVE
CVE
added 2025/12/08 5:27 p.m.17 views

CVE-2025-48625

CVE-2025-48625 is a local privilege-escalation issue affecting Android (noted in the Android 16 QPR2 bulletin). The vulnerability arises from race conditions in UsbDataAdvancedProtectionHook.java, allowing access to USB data when the screen is off, with no user interaction required. Impact is des...

7CVSS6.4AI score0.00059EPSS
CVE
CVE
added 2026/05/06 1:43 a.m.17 views

CVE-2025-71254

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS6AI score0.00305EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.17 views

CVE-2026-0007

Consolidated sources describe CVE-2026-0007 as a vulnerability in WindowInfo.cpp, writeToParcel, enabling a tapjacking/overlay attack that could grant permissions and allow local elevation of privilege without additional execution privileges. Exploitation details are not provided in the Initial d...

8.6CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.17 views

CVE-2026-0042

CVE-2026-0042 describes a persistent denial-of-service risk in multiple functions of ubsan_throwing_runtime.cpp due to resource exhaustion. The issue enables local denial of service without elevation of privileges and does not require user interaction. The affected context is the UBSan throwing r...

5.5CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2026/06/17 6:59 a.m.17 views

CVE-2026-0064

CVE-2026-0064 is identified as a DoS vulnerability affecting Android Framework in Android 17 release notes. The issue describes a persistent denial of service due to resource exhaustion that can lead to local denial of service without user interaction. The NVD entry lists a base score of 5.5 (MED...

10CVSS5.6AI score0.00122EPSS
CVE
CVE
added 2026/06/17 6:49 a.m.17 views

CVE-2026-0068

In Android, CVE-2026-0068 affects PackageInstallerService.java (createSessionInternal). The vulnerability enables a local attacker to remove a DPC app from a managed device without DO consent due to persistence desync, potentially causing local elevation of privilege if a malicious app is install...

10CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/06/17 7:13 a.m.17 views

CVE-2026-0082

CVE-2026-0082 affects the Android framework: in NfcDispatcher.java’s tryStartActivity there is an insecure default value that can automatically assign a special app access permission. This leads to local elevation of privilege with no extra execution privileges required and no user interaction ne...

10CVSS5.6AI score0.00165EPSS
Total number of security vulnerabilities8153