Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GoogleAndroid14

399 matches found

cve
cveadded 2025/08/26 11:15 p.m.55 views

CVE-2025-26417

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for e...

4CVSS8AI score0.00011EPSS
cve
cveadded 2023/10/30 6:15 p.m.54 views

CVE-2023-21377

In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.8AI score0.00005EPSS
cve
cveadded 2025/08/26 11:15 p.m.54 views

CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS6.4AI score0.00006EPSS
cve
cveadded 4 days ago54 views

CVE-2025-22439

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.3CVSS6.2AI score0.00003EPSS
cve
cveadded 2023/10/30 6:15 p.m.53 views

CVE-2023-21393

In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.0003EPSS
cve
cveadded 4 days ago53 views

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00003EPSS
cve
cveadded 2025/08/26 11:15 p.m.53 views

CVE-2024-49740

In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.4AI score0.00005EPSS
cve
cveadded 2 days ago53 views

CVE-2025-26455

In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.7AI score0.00009EPSS
cve
cveadded 2023/10/30 4:18 p.m.52 views

CVE-2022-20531

In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.6AI score0.00022EPSS
cve
cveadded 2023/10/30 5:15 p.m.52 views

CVE-2023-21319

In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00017EPSS
cve
cveadded 2023/10/30 6:15 p.m.52 views

CVE-2023-21375

In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.9AI score0.00016EPSS
cve
cveadded 2023/10/30 6:15 p.m.52 views

CVE-2023-21385

In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.0004EPSS
cve
cveadded 2 days ago52 views

CVE-2023-35657

In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

4CVSS5AI score0.00005EPSS
cve
cveadded 2025/08/26 11:15 p.m.52 views

CVE-2025-0079

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00006EPSS
cve
cveadded 2025/08/26 11:15 p.m.52 views

CVE-2025-0082

In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS6AI score0.00005EPSS
cve
cveadded 2025/08/26 11:15 p.m.52 views

CVE-2025-0093

In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

7.5CVSS6.3AI score0.00048EPSS
cve
cveadded 4 days ago52 views

CVE-2025-22433

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...

7.8CVSS6.2AI score0.00008EPSS
cve
cveadded 4 days ago52 views

CVE-2025-22434

In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00006EPSS
cve
cveadded 2 days ago52 views

CVE-2025-26436

In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl...

7.8CVSS6.3AI score0.00011EPSS
cve
cveadded 2023/10/30 5:15 p.m.51 views

CVE-2023-21326

In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exp...

5.5CVSS5.6AI score0.00026EPSS
cve
cveadded 2023/10/30 5:15 p.m.51 views

CVE-2023-21362

In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.6AI score0.0002EPSS
cve
cveadded 2023/10/30 5:15 p.m.51 views

CVE-2023-21364

In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.5AI score0.00027EPSS
cve
cveadded 2023/10/30 6:15 p.m.51 views

CVE-2023-21376

In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.0002EPSS
cve
cveadded 2023/10/30 6:15 p.m.51 views

CVE-2023-21384

In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.3AI score0.00004EPSS
cve
cveadded 4 days ago51 views

CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploita...

7.3CVSS6.4AI score0.00013EPSS
cve
cveadded 2025/08/26 11:15 p.m.51 views

CVE-2025-0084

In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS7.6AI score0.00022EPSS
cve
cveadded 2025/08/26 11:15 p.m.51 views

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6AI score0.00007EPSS
cve
cveadded 4 days ago51 views

CVE-2025-22428

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User int...

7.8CVSS6.3AI score0.00004EPSS
cve
cveadded 4 days ago51 views

CVE-2025-22438

In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.4AI score0.00003EPSS
cve
cveadded 4 days ago51 views

CVE-2025-22442

In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ...

7CVSS6.3AI score0.00003EPSS
cve
cveadded 4 days ago51 views

CVE-2025-26416

In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS7.1AI score0.00066EPSS
cve
cveadded 2 days ago51 views

CVE-2025-26421

In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

4CVSS6.3AI score0.00007EPSS
cve
cveadded 2 days ago51 views

CVE-2025-26444

In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege wh...

7.8CVSS6.3AI score0.00009EPSS
cve
cveadded 2023/10/30 5:15 p.m.50 views

CVE-2023-21369

In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS5.6AI score0.00005EPSS
cve
cveadded 4 days ago50 views

CVE-2024-49720

In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat...

7.8CVSS6.4AI score0.00005EPSS
cve
cveadded 4 days ago50 views

CVE-2025-22416

In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00003EPSS
cve
cveadded 4 days ago50 views

CVE-2025-22417

In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.3CVSS6.3AI score0.00003EPSS
cve
cveadded 4 days ago50 views

CVE-2025-22423

In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6AI score0.00085EPSS
cve
cveadded 2 days ago50 views

CVE-2025-22425

In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

5.1CVSS6.3AI score0.00007EPSS
cve
cveadded 4 days ago50 views

CVE-2025-22435

In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS6.8AI score0.00016EPSS
cve
cveadded 2023/10/30 5:15 p.m.49 views

CVE-2022-20264

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploita...

5.5CVSS5.6AI score0.00017EPSS
cve
cveadded 2023/10/30 5:15 p.m.49 views

CVE-2023-21355

In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS8.3AI score0.00017EPSS
cve
cveadded 2023/10/30 5:15 p.m.49 views

CVE-2023-21357

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.4AI score0.00014EPSS
cve
cveadded 2023/10/30 6:15 p.m.49 views

CVE-2023-21391

In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS7.8AI score0.00859EPSS
cve
cveadded 4 days ago49 views

CVE-2024-49730

In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.4AI score0.00003EPSS
cve
cveadded 4 days ago49 views

CVE-2025-22418

In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.4AI score0.00003EPSS
cve
cveadded 4 days ago49 views

CVE-2025-22421

In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed f...

5.5CVSS5.1AI score0.00004EPSS
cve
cveadded 4 days ago49 views

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for ex...

7.3CVSS6.3AI score0.00006EPSS
cve
cveadded 4 days ago49 views

CVE-2025-22431

In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. User interacti...

5.5CVSS5.5AI score0.00006EPSS
cve
cveadded 2 days ago49 views

CVE-2025-26423

In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6.2AI score0.00006EPSS
Total number of security vulnerabilities399