Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/09/04 6:17 p.m.482 views

CVE-2025-48530

CVE-2025-48530 affects the Android System component. It arises from out-of-bounds access due to incorrect bounds checking in multiple locations, enabling remote code execution with no extra privileges and no user interaction. The issue is characterized as a global Android risk in the System table...

8.1CVSS7.5AI score0.00498EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.481 views

CVE-2025-48595

CVE-2025-48595 is an Android Framework vulnerability involving an integer overflow that could enable code execution and local privilege escalation without user interaction. The Android Security Bulletin (June 2026) lists this CVE under Framework in the 2026-06-01 patch level with an overall high/...

8.4CVSS6.3AI score0.01714EPSS
In wild
CVE
CVE
added 2017/09/14 7:0 p.m.478 views

CVE-2017-0785

CVE-2017-0785 is an Android Bluetooth SDP information-disclosure vulnerability in the Bluetooth stack. The SDP server can leak memory/allow an out-of-bounds read by manipulating the SDP continuation state in requests, enabling information disclosure. Affected Android versions include 4.4.4–8.0 (a...

6.5CVSS6.8AI score0.12388EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.472 views

CVE-2025-48543

The CVE-2025-48543 entry describes a use-after-free vulnerability in the Android Runtime (ART) that can escape the Chrome sandbox to attack system_server, enabling local privilege escalation without user interaction. Affected scope per sources includes ART-related code paths in Android 13–16, wit...

8.8CVSS6.5AI score0.00545EPSS
In wild
CVE
CVE
added 2019/09/06 9:51 p.m.462 views

CVE-2019-9455

CVE-2019-9455: In the Android kernel video driver, there is a kernel pointer leak caused by a WARN_ON statement, leading to local information disclosure with System execution privileges needed. Local exploitation is possible without user interaction. The connected Nessus advisories corroborate th...

2.3CVSS4.4AI score0.00179EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.462 views

CVE-2025-22429

CVE-2025-22429 affects Android Framework. A logic error in multiple locations could allow local elevation of privilege with no user interaction required. Exploitation status isn’t detailed in the provided documents. Android security bulletin entries associate this CVE with the 2025-04 patch level...

9.8CVSS7.3AI score0.00236EPSS
CVE
CVE
added 2025/09/04 5:15 p.m.459 views

CVE-2025-26455

The CVE-2025-26455 entry describes an out-of-bounds write in NdkMediaCodec.cpp caused by a heap buffer overflow, enabling local privilege escalation with no additional execution privileges and no user interaction required. The connected documents do not provide exploitation details or concrete pa...

7.8CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2025/09/04 6:17 p.m.456 views

CVE-2025-22441

CVE-2025-22441 concerns a Confused Deputy in Android RemoteViews loading path. The vulnerability arises when RemoteViews.mApplication can influence LoadedApk via getContextForResourcesEnsuringCorrectCachedApkPaths, leading to checkAndUpdateApkPaths potentially altering the LoadedApk state and Loa...

7.3CVSS6.8AI score0.00105EPSS
CVE
CVE
added 2025/09/04 5:12 p.m.456 views

CVE-2025-26444

CVE-2025-26444 affects Android’s VoiceInteractionManagerService (onHandleForceStop). A logic error can cause a user-selected assistant to be forcibly stopped, causing the system to revert to the default assistant and locally escalate privileges by granting ROLE_ASSISTANT to the default app with n...

7.8CVSS6.3AI score0.00086EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.449 views

CVE-2025-22419

Android framework vulnerability (CVE-2025-22419) where a tapjacking/overlay attack could mislead a user into enabling malicious phone call forwarding, enabling local privilege escalation with user interaction required. Public details point to patches in the 2025-04-01/04-05 security levels; remed...

7.3CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.449 views

CVE-2025-26436

CVE-2025-26436 refers to a BAL bypass in Android’s PendingIntentRecord.clearAllowBgActivityStarts, enabling an application to launch an activity from the background and achieve local elevation of privilege without user interaction. Affected component: Android Framework (PendingIntentRecord.java)....

7.8CVSS6.3AI score0.00083EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.448 views

CVE-2025-22437

CVE-2025-22437 is tied to a logic error in Android’s setMediaButtonReceiver across multiple files, enabling a background process to launch arbitrary activities and cause local privilege escalation without extra execution privileges or user interaction. The vulnerability is categorized as Elevatio...

7.8CVSS6.5AI score0.00086EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.448 views

CVE-2025-26440

CVE-2025-26440 affects Android, stemming from issues in CameraService.cpp that can enable background camera use via a permissions bypass. This allows local elevation of privilege with no extra execution privileges and no user interaction required. Documented across multiple sources (Red Hat, NVD,...

7.8CVSS6.4AI score0.00083EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.447 views

CVE-2024-31317

CVE-2024-31317 is a Zygote command-injection vulnerability affecting Android 9–13, enabling a non-privileged app with WRITE_SECURE_SETTINGS to trigger code execution in the Zygote process via unsafe deserialization and manipulated Zygote arguments (e.g., runtime-flags, hidden_api_blacklist_exempt...

7.8CVSS7.3AI score0.00779EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.446 views

CVE-2024-49728

CVE-2024-49728 affects Android Bluetooth code via generateFileInfo in BluetoothOppSendFileInfo.java, enabling a confused deputy to cause cross-user media disclosure. The issue yields local information disclosure without additional privileges and does not require user interaction to exploit, per t...

5.5CVSS5AI score0.00088EPSS
CVE
CVE
added 2021/02/10 4:50 p.m.445 views

CVE-2021-0326

CVE-2021-0326 affects wpa_supplicant (P2P/Wi-Fi Direct) where a missing bounds check in p2p_copy_client_info can cause an out-of-bounds write. The flaw may enable remote code execution or other impacts when a device participates in P2P group info processing and is within radio range; no user inte...

7.9CVSS7.8AI score0.04707EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.445 views

CVE-2023-35657

CVE-2023-35657 affects the Bluetooth stack component bta_av_config_ind in bta_av_aact.cc, where a type confusion can cause an out-of-bounds read leading to local information disclosure without extra privileges or user interaction. Public references indicate this vulnerability is tracked in Androi...

4CVSS5AI score0.0009EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.444 views

CVE-2025-22422

Technical details for CVE-2025-22422 are not publicly provided in the connected documents. Monitor for updates from referenced sources; current materials describe a logic-error elevation of privilege without detail on affected products or fixes.

7.8CVSS6.5AI score0.00093EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.444 views

CVE-2025-22430

CVE-2025-22430 affects Android framework code where isInSignificantPlace missing a permission check could disclose local information. Impact is information disclosure without extra privileges; exploitation is local and requires no user interaction. Connected sources (Android Security Bulletin ent...

5.5CVSS4.9AI score0.00093EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.443 views

CVE-2025-22434

The CVE-2025-22434 issue affects Android Framework, specifically in handleKeyGestureEvent within PhoneWindowManager.java, enabling local privilege escalation without user interaction due to a logic error. The connected Android Security Bulletin entries assign this CVE to an EoP (High) impact in t...

7.8CVSS6.3AI score0.00087EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.443 views

CVE-2025-26421

CVE-2025-26421 affects the Android platform System component. The issue is a logic error that enables local escalation of privilege via a lock-screen bypass, with no user interaction required. Impact is described as Elevation of Privilege (EoP) on the device. AOSP patches update the System compon...

4CVSS6.3AI score0.00095EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.443 views

CVE-2025-26423

CVE-2025-26423 is tied to Android’s WifiConfigurationUtil.java, in the function validateIpConfiguration . The issue arises from a missing bounds check that can be triggered to cause a permanent DoS and potentially enable a local escalation of privilege with no extra privileges required. The CVE d...

6.2CVSS6.2AI score0.00089EPSS
CVE
CVE
added 2025/09/04 5:15 p.m.443 views

CVE-2025-26456

CVE-2025-26456 affects DexUseManagerLocal.java in Android; a logic error can crash the system server, leading to local, permanent denial of service without extra privileges or user interaction. Exploitation / patch details are not provided in the supplied documents; no explicit remediation versio...

5.5CVSS5.7AI score0.00092EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.442 views

CVE-2025-22421

CVE-2025-22421 affects Android; a logic error in ContentDescForNotification (NotificationContentDescription.kt) may leak notification content on the lockscreen. This enables local information disclosure with no user interaction. The issue is documented across multiple sources (NVD/Red Hat/CVE dat...

5.5CVSS5.1AI score0.00098EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.442 views

CVE-2025-22425

CVE-2025-22425 : Android framework issue in InstallStart.java onCreate causing a local elevation of privilege due to improper input validation. The vulnerability enables a permissions bypass with only local access and requires user interaction to exploit. Exploitation context is supported by mult...

5.1CVSS6.3AI score0.00095EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.441 views

CVE-2023-21108

CVE-2023-21108 affects Android 11–13 via the Bluetooth SDP discovery path: in sdpu_build_uuid_seq of sdp_discovery.cc, an out-of-bounds write caused by a use-after-free can lead to remote code execution if Hands Free Profile (HFP) is enabled. No user interaction is required. The vulnerability is ...

8.8CVSS8.8AI score0.00239EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.441 views

CVE-2025-26429

CVE-2025-26429 is an Android vulnerability where the collectOps path in AppOpsService.java allows a local DoS due to improper input validation. Exploitation is local with no user interaction and no extra privileges required. The connected advisories reference Android security bulletins and vendor...

5.5CVSS5.6AI score0.00076EPSS
CVE
CVE
added 2020/09/17 12:0 a.m.440 views

CVE-2020-0427

CVE-2020-0427 is confirmed in the connected documents as an Android kernel issue affecting the pinctrl subsystem (core.c). The vulnerability arises in create_pinctrl, where an out-of-bounds read can occur due to a use-after-free, potentially allowing local information disclosure without extra exe...

5.5CVSS5.8AI score0.00492EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.440 views

CVE-2022-22292

CVE-2022-22292 affects Samsung Telecom dynamic receiver functionality; an unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted apps to launch arbitrary activity. CVSSv3.1 basis: LOCAL, LOW privileges, HIGH impact on confidentiality/integrity, and HIGH impact on...

7.8CVSS7.5AI score0.00131EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.440 views

CVE-2025-22428

The CVE describes a logic error in AppInfoBase.java hasInteractAcrossUsersFullPermission that could allow granting permissions to a secondary user from the primary user, enabling local privilege escalation without user interaction. Affected component: Android framework/AppInfoBase.java. Impact: l...

7.8CVSS6.3AI score0.00079EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.440 views

CVE-2025-22433

CVE-2025-22433 affects Android Framework: a logic error in canForward() of IntentForwarderActivity.java may bypass the cross-profile intent filter used in Work Profiles, enabling local privilege escalation without extra privileges or user interaction. Documents cite affected component and impact;...

7.8CVSS6.2AI score0.00091EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.440 views

CVE-2025-26435

CVE-2025-26435 affects ContentProtectionTogglePreferenceController.java and is due to a logic error in updateState that could allow a secondary user to disable the primary user's app scanning setting, enabling local privilege escalation without additional privileges or user interaction. The entry...

7.8CVSS6.3AI score0.00079EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.439 views

CVE-2025-22439

CVE-2025-22439 involves a vulnerability in Android’s ActionHandler.java: in onLastAccessedStackLoaded, a missing permission check could bypass storage restrictions across apps, enabling local elevation of privilege with user interaction required. Exploitation details and risk are described across...

7.3CVSS6.2AI score0.00077EPSS
CVE
CVE
added 2025/09/04 5:15 p.m.439 views

CVE-2025-32312

CVE-2025-32312 affects Android’s PackageParser.java, specifically the function createIntentsList. Root cause: unsafe deserialization that bypasses lazy bundle hardening, allowing modified data to flow to the next process. Impact: local privilege escalation with no additional privileges required; ...

7.8CVSS6.3AI score0.00092EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.438 views

CVE-2025-26416

The CVE-2025-26416 issue affects SkBmpStandardCodec.cpp in the initializeSwizzler path, described as a heap buffer overflow that causes an out-of-bounds write. The practical result is remote elevation of privilege with no additional execution privileges required and without user interaction. Publ...

9.8CVSS7.1AI score0.00356EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.437 views

CVE-2025-0077

CVE-2025-0077 affects Android’s framework with a race condition in multiple functions of UserController.java. The issue is a buffer copy flaw that lacks input size validation, potentially enabling a local elevation of privilege (EoP) without extra execution privileges and without user interaction...

4CVSS6.2AI score0.001EPSS
CVE
CVE
added 2025/09/04 5:14 p.m.437 views

CVE-2025-26437

The CVE-2025-26437 issue is described across multiple sources as a missing privilege check in CredentialManagerServiceStub (CredentialManagerService.java), enabling local information disclosure by retrieving candidate credentials without requiring extra privileges. Exploitation is possible withou...

5.5CVSS5AI score0.00074EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.436 views

CVE-2024-49722

CVE-2024-49722 affects the Android component EditUserPhotoController.java, specifically the showAvatarPicker function. The issue is a cross-user image leak (confused deputy) exposing local information without needing user interaction, and without extra execution privileges. The vulnerability is d...

5.5CVSS4.9AI score0.00108EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.436 views

CVE-2025-26427

CVE-2025-26427 affects Google Android Framework; a path traversal error in multiple locations can grant local escalation of privilege. Exploitation requires user interaction, with no additional execution privileges needed. According to the Android bulletin, this issue is addressed in patch levels...

4.4CVSS6.4AI score0.00106EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.436 views

CVE-2025-26428

CVE-2025-26428 affects Android’s LockTaskController.java, specifically startLockTaskMode. A logic error can enable a lock screen bypass, causing elevation of privilege with no extra execution privileges, requiring user interaction to exploit. The issue is reported across multiple feeds (Red Hat, ...

3.2CVSS6.4AI score0.00101EPSS
CVE
CVE
added 2025/09/04 5:15 p.m.436 views

CVE-2025-26452

CVE-2025-26452 affects Android Framework via the ResourcesImpl.java: loadDrawableForCookie path, where a confused deputy may allow an app’s task snapshots to be accessed, enabling local elevation of privilege without extra execution privileges or user interaction. Public sources (Android bulletin...

7.8CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.435 views

CVE-2025-22423

The CVE-2025-22423 entry concerns the dng_ifd.cpp ParseTag function where a missing bounds check can crash the image renderer, enabling remote DoS with no privileges and no user interaction. Connected OSV/Red Hat/Android bulletin records corroborate a bound-check issue in the same function and de...

7.5CVSS6AI score0.00292EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.435 views

CVE-2025-26442

The CVE-2025-26442 issue affects Android’s NotificationAccessConfirmationActivity.java (onCreate). Root cause: a logic error in the NLS int ent filter verification leading to information disclosure. Impact: local information disclosure without privilege/UI interaction. Exploitability: LOCAL, with...

5.5CVSS5.1AI score0.00078EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.434 views

CVE-2025-26438

CVE-2025-26438 is a vulnerability in Android Bluetooth SMP authentication due to an incorrect implementation in smp_process_secure_connection_oob_data (smp_act.cc). The issue enables remote elevation of privilege with network access and no user interaction, as described in multiple sources. Conne...

8.8CVSS7AI score0.00315EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.433 views

CVE-2025-22418

Technical details about CVE-2025-22418 are not publicly provided in the supplied connected documents. Monitor for updates from official sources.

7.8CVSS6.4AI score0.00075EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.433 views

CVE-2025-26425

The CVE-2025-26425 entry describes a local privilege-escalation issue in Android related to RoleService.java, caused by a logic error that enables permission squatting when android.permission.MANAGE_DEFAULT_APPLICATIONS is not defined. Exploitation is stated to require no user interaction, and th...

4CVSS6.3AI score0.00091EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.432 views

CVE-2024-40653

CVE-2024-40653 involves a logic error in ConnectionServiceWrapper.java that can let a permission be retained indefinitely in the background, enabling local elevation of privilege. The issue is described across multiple sources (Android/Red Hat/NVD entries) as requiring user interaction for exploi...

7.3CVSS6.4AI score0.00112EPSS
CVE
CVE
added 2025/09/04 5:10 a.m.432 views

CVE-2024-56189

CVE-2024-56189 describes an out-of-bounds read in SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c due to a missing bounds check. The available sources indicate this could allow remote information disclosure after authentication with no additional execution privileges and no user interaction requi...

6.5CVSS5.6AI score0.00253EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.432 views

CVE-2025-22416

CVE-2025-22416 affects Android’s ChooserActivity.java onCreate, enabling a confused deputy to view other users’ images and cause local privilege escalation without extra privileges or user interaction. Public references note it as an Elevation of Privilege issue (High) in the Android 2025-04 secu...

7.8CVSS6.3AI score0.00075EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.432 views

CVE-2025-22427

CVE-2025-22427 affects Android’s NotificationAccessConfirmationActivity.java. A logic error in onCreate could grant notification access above the lock screen, enabling local escalation of privilege with user interaction required. Impact is high (local, high confidentiality/integrity/availability ...

7.3CVSS6.3AI score0.00087EPSS
Total number of security vulnerabilities8153