Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GoogleAndroid15

169 matches found

cve
cveadded 2025/08/26 11:15 p.m.55 views

CVE-2025-0083

In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

4CVSS6AI score0.00006EPSS
cve
cveadded 2025/08/26 11:15 p.m.55 views

CVE-2025-22409

In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.4CVSS7.6AI score0.00005EPSS
cve
cveadded 2025/08/26 11:15 p.m.55 views

CVE-2025-26417

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for e...

4CVSS8AI score0.00011EPSS
cve
cveadded 2025/08/26 11:15 p.m.54 views

CVE-2025-0074

In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS8AI score0.00142EPSS
cve
cveadded 2025/08/26 11:15 p.m.54 views

CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS6.4AI score0.00006EPSS
cve
cveadded 2025/08/26 11:15 p.m.54 views

CVE-2025-22403

In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS8AI score0.00098EPSS
cve
cveadded 2025/08/26 11:15 p.m.54 views

CVE-2025-22406

In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.4CVSS7.3AI score0.00005EPSS
cve
cveadded 4 days ago54 views

CVE-2025-22439

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.3CVSS6.2AI score0.00003EPSS
cve
cveadded 4 days ago53 views

CVE-2024-49722

In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS4.9AI score0.00004EPSS
cve
cveadded 4 days ago53 views

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00003EPSS
cve
cveadded 2025/08/26 11:15 p.m.53 views

CVE-2024-49740

In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.4AI score0.00005EPSS
cve
cveadded 2025/08/26 11:15 p.m.53 views

CVE-2025-22405

In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.4CVSS7.7AI score0.00005EPSS
cve
cveadded 2025/08/26 11:15 p.m.53 views

CVE-2025-22408

In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS8AI score0.00098EPSS
cve
cveadded 2025/08/26 11:15 p.m.53 views

CVE-2025-22412

In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS7.3AI score0.00011EPSS
cve
cveadded 2 days ago53 views

CVE-2025-26455

In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.7AI score0.00009EPSS
cve
cveadded 2 days ago52 views

CVE-2023-35657

In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

4CVSS5AI score0.00005EPSS
cve
cveadded 2025/08/26 11:15 p.m.52 views

CVE-2025-0079

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00006EPSS
cve
cveadded 2025/08/26 11:15 p.m.52 views

CVE-2025-0082

In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS6AI score0.00005EPSS
cve
cveadded 2025/08/26 11:15 p.m.52 views

CVE-2025-0093

In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

7.5CVSS6.3AI score0.00048EPSS
cve
cveadded 2025/08/26 11:15 p.m.52 views

CVE-2025-22407

In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS7AI score0.00004EPSS
cve
cveadded 2025/08/26 11:15 p.m.52 views

CVE-2025-22411

In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS7.2AI score0.00011EPSS
cve
cveadded 4 days ago52 views

CVE-2025-22433

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...

7.8CVSS6.2AI score0.00008EPSS
cve
cveadded 4 days ago52 views

CVE-2025-22434

In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00006EPSS
cve
cveadded 2 days ago52 views

CVE-2025-26436

In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl...

7.8CVSS6.3AI score0.00011EPSS
cve
cveadded 4 days ago51 views

CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploita...

7.3CVSS6.4AI score0.00013EPSS
cve
cveadded 2025/08/26 11:15 p.m.51 views

CVE-2025-0080

In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00004EPSS
cve
cveadded 2025/08/26 11:15 p.m.51 views

CVE-2025-0084

In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS7.6AI score0.00022EPSS
cve
cveadded 2025/08/26 11:15 p.m.51 views

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6AI score0.00007EPSS
cve
cveadded 4 days ago51 views

CVE-2025-22428

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User int...

7.8CVSS6.3AI score0.00004EPSS
cve
cveadded 4 days ago51 views

CVE-2025-22442

In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ...

7CVSS6.3AI score0.00003EPSS
cve
cveadded 4 days ago51 views

CVE-2025-26416

In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS7.1AI score0.00066EPSS
cve
cveadded 2 days ago51 views

CVE-2025-26421

In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

4CVSS6.3AI score0.00007EPSS
cve
cveadded 4 days ago50 views

CVE-2024-49720

In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat...

7.8CVSS6.4AI score0.00005EPSS
cve
cveadded 2 days ago50 views

CVE-2025-0077

In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

4CVSS6.2AI score0.00007EPSS
cve
cveadded 4 days ago50 views

CVE-2025-22416

In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00003EPSS
cve
cveadded 4 days ago50 views

CVE-2025-22417

In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.3CVSS6.3AI score0.00003EPSS
cve
cveadded 4 days ago50 views

CVE-2025-22423

In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6AI score0.00085EPSS
cve
cveadded 4 days ago50 views

CVE-2025-22430

In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS4.9AI score0.00003EPSS
cve
cveadded 4 days ago50 views

CVE-2025-22435

In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS6.8AI score0.00016EPSS
cve
cveadded 2 days ago50 views

CVE-2025-26424

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

4CVSS5.1AI score0.00005EPSS
cve
cveadded 2 days ago50 views

CVE-2025-26437

In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitat...

5.5CVSS5AI score0.00009EPSS
cve
cveadded 4 days ago49 views

CVE-2025-22421

In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed f...

5.5CVSS5.1AI score0.00004EPSS
cve
cveadded 4 days ago49 views

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for ex...

7.3CVSS6.3AI score0.00006EPSS
cve
cveadded 4 days ago49 views

CVE-2025-22431

In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. User interacti...

5.5CVSS5.5AI score0.00006EPSS
cve
cveadded 2 days ago49 views

CVE-2025-26423

In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6.2AI score0.00006EPSS
cve
cveadded 2 days ago49 views

CVE-2025-26425

In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional executi...

4CVSS6.3AI score0.00005EPSS
cve
cveadded 2 days ago49 views

CVE-2025-26429

In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.6AI score0.00006EPSS
cve
cveadded 2 days ago49 views

CVE-2025-26430

In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.3AI score0.00009EPSS
cve
cveadded 2 days ago49 views

CVE-2025-26435

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges ne...

7.8CVSS6.3AI score0.00009EPSS
cve
cveadded 2 days ago49 views

CVE-2025-26456

In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.00012EPSS
Total number of security vulnerabilities169