Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GoogleAndroid13

822 matches found

CVE
CVEadded 2022/08/12 3:15 p.m.42 views

CVE-2022-20334

In Bluetooth, there are possible process crashes due to dereferencing a null pointer. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178800552

6.5CVSS6.8AI score0.01214EPSS
CVE
CVEadded 2021/07/14 2:15 p.m.41 views

CVE-2021-0518

In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-17654101...

5.5CVSS5.5AI score0.00027EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.41 views

CVE-2022-20256

In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222572821

6.4CVSS7AI score0.00011EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.41 views

CVE-2022-20270

In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: ...

5.5CVSS5.5AI score0.00015EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.41 views

CVE-2022-20294

In Content, there is a possible way to learn about an account present on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android I...

5.5CVSS5.5AI score0.00015EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.41 views

CVE-2022-20300

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Androi...

5.5CVSS5.5AI score0.00015EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.41 views

CVE-2022-20317

In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ...

5.5CVSS5.2AI score0.00018EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.41 views

CVE-2022-20320

In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

3.3CVSS4.2AI score0.00014EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.41 views

CVE-2022-20321

In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: Androi...

3.3CVSS4.3AI score0.00015EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.41 views

CVE-2022-20340

In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidV...

3.3CVSS4.4AI score0.00014EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.40 views

CVE-2022-20324

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Prod...

5.5CVSS5.4AI score0.00015EPSS
CVE
CVEadded 2023/08/14 10:15 p.m.40 views

CVE-2023-21234

In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ...

5.5CVSS5.7AI score0.00013EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.39 views

CVE-2022-20312

In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. This could lead to local information disclosure without additional execution privileges needed. User interaction is not needed forexploitationProduct: AndroidVersions: Android-...

5.5CVSS5.5AI score0.00015EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.39 views

CVE-2022-20313

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-192206329

6.8CVSS7.2AI score0.00024EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.38 views

CVE-2022-20307

In AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploit...

3.3CVSS4.2AI score0.00014EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.38 views

CVE-2022-20342

In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: ...

3.3CVSS4.6AI score0.00016EPSS
CVE
CVEadded 2023/08/14 10:15 p.m.36 views

CVE-2023-21230

In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileg...

5.5CVSS5.2AI score0.0001EPSS
CVE
CVEadded 2022/08/12 3:15 p.m.35 views

CVE-2022-20308

In hostapd, there is a possible insecure configuration due to an insecure default value. This could lead to remote denial of service of the wifi hotspot with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-...

7.5CVSS7.4AI score0.0228EPSS
CVE
CVEadded 2023/08/14 10:15 p.m.32 views

CVE-2023-21231

In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User inte...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVEadded 2023/08/14 10:15 p.m.31 views

CVE-2023-21235

In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00004EPSS
CVE
CVEadded 3 days ago28 views

CVE-2025-22441

In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is need...

7.3CVSS6.8AI score0.00005EPSS
CVE
CVEadded 2023/07/13 1:15 a.m.27 views

CVE-2023-21260

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.

5.5CVSS5.5AI score0.00017EPSS
CVE
CVEadded 2023/08/14 10:15 p.m.25 views

CVE-2023-21232

In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.8AI score0.00004EPSS
CVE
CVEadded 3 days ago25 views

CVE-2024-49731

In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for explo...

4CVSS6.4AI score0.00004EPSS
CVE
CVEadded 3 days ago24 views

CVE-2024-40664

In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2CVSS5.6AI score0.00005EPSS
CVE
CVEadded 3 days ago22 views

CVE-2025-48533

In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7CVSS6.2AI score0.00005EPSS
CVE
CVEadded 3 days ago13 views

CVE-2025-48543

In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS6.5AI score0.00223EPSS
In wild
CVE
CVEadded 3 days ago11 views

CVE-2025-26419

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

3.3CVSS6.4AI score0.00005EPSS
CVE
CVEadded 3 days ago10 views

CVE-2025-22415

In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

4CVSS6.3AI score0.00005EPSS
CVE
CVEadded 3 days ago8 views

CVE-2024-49714

In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7AI score0.00005EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-0076

In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS4.9AI score0.00004EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-32325

In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.7AI score0.00005EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-32330

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not ...

5.7CVSS5.6AI score0.00008EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-48529

In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00004EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-48537

In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

7.1CVSS5.2AI score0.00008EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-48542

In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.00005EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-48545

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6AI score0.00004EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-48546

In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00006EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-48550

In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.6AI score0.00006EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-48554

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.1CVSS5.6AI score0.00006EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-48558

In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00005EPSS
CVE
CVEadded 3 days ago8 views

CVE-2025-48559

In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.6AI score0.00006EPSS
CVE
CVEadded 3 days ago7 views

CVE-2025-0089

In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00009EPSS
CVE
CVEadded 3 days ago7 views

CVE-2025-26454

In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00006EPSS
CVE
CVEadded 3 days ago7 views

CVE-2025-32321

In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00005EPSS
CVE
CVEadded 3 days ago7 views

CVE-2025-32323

In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...

7.8CVSS6.3AI score0.00007EPSS
CVE
CVEadded 3 days ago7 views

CVE-2025-32326

In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS6.4AI score0.00005EPSS
CVE
CVEadded 3 days ago7 views

CVE-2025-32347

In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS6.3AI score0.00005EPSS
CVE
CVEadded 3 days ago7 views

CVE-2025-32349

In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.4AI score0.00006EPSS
CVE
CVEadded 3 days ago7 views

CVE-2025-48522

In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00007EPSS
Total number of security vulnerabilities822