287 matches found
CVE-2025-48593
The CVE-2025-48593 entry concerns a remote code execution flaw in Android’s system code, specifically within the bta_hf_client_main.cc path (bta_hf_client_cb_init). The root cause is a missing bounds check during processing of network packets, enabling a buffer overflow via memcpy into a fixed-si...
CVE-2025-48595
CVE-2025-48595 is an Android Framework vulnerability involving an integer overflow that could enable code execution and local privilege escalation without user interaction. The Android Security Bulletin (June 2026) lists this CVE under Framework in the 2026-06-01 patch level with an overall high/...
CVE-2025-48530
CVE-2025-48530 affects the Android System component. It arises from out-of-bounds access due to incorrect bounds checking in multiple locations, enabling remote code execution with no extra privileges and no user interaction. The issue is characterized as a global Android risk in the System table...
CVE-2025-48543
The CVE-2025-48543 entry describes a use-after-free vulnerability in the Android Runtime (ART) that can escape the Chrome sandbox to attack system_server, enabling local privilege escalation without user interaction. Affected scope per sources includes ART-related code paths in Android 13–16, wit...
CVE-2025-48581
CVE-2025-48581 corresponds to a logic error in the Android system component apexd.cpp, within the VerifyNoOverlapInSessions function, that can block security updates. The impact is local privilege escalation with no additional execution privileges required and no user interaction needed for explo...
CVE-2026-0047
In Android, CVE-2026-0047 relates to a missing permission check in ActivityManagerService.java’s dumpBitmapsProto, allowing an app to access private information and achieve local privilege escalation with no extra execution privileges or user interaction required. The description notes a local es...
CVE-2025-48572
CVE-2025-48572 is an Android Framework privilege-escalation vulnerability. It stems from improper input validation in the Framework component, allowing a local application to launch activities from background and execute arbitrary code with elevated privileges. Affected products are Android devic...
CVE-2026-20435
CVE-2026-20435 concerns a logic error in the preloader of MediaTek-based devices that allows reading device unique identifiers. The vulnerability can enable local information disclosure with physical access and no required user interaction or execution privileges. Affected component: preloader; u...
CVE-2026-0049
CVE-2026-0049 centers on the Android Framework component LocalImageResolver.java, with the root cause in onHeaderDecoded leading to resource exhaustion and a possible persistent denial-of-service. Exploitation is local and does not require user interaction. Public references consistently describe...
CVE-2026-0097
Technical details about CVE-2026-0097 are not publicly available in the provided documents. Monitor for updates from sources such as the Android bulletin and NVD.
CVE-2026-0006
CVE-2026-0006 is a heap-based out-of-bounds read/write vulnerability that can lead to remote code execution with no user interaction. It is listed under Android System as affected, with an updated AOSP version set to 16 and mitigation via security patch levels 2026-03-01 or later (Android 16-era ...
CVE-2025-48633
CVE-2025-48633 concerns a logic error in Android Framework related to DevicePolicyManagerService.hasAccountsOnAnyUser, enabling a local attacker to add a Device Owner after provisioning and escalate privileges without user interaction. Connected sources (EUVD-2025-201737; Android Security Bulleti...
CVE-2025-32318
CVE-2025-32318: A heap buffer overflow in Skia can cause an out-of-bounds write, enabling remote elevation of privilege with no user interaction. CVSSv3.1: 8.8 (Network, Low evidence required, Privileges Low, Confidentiality/Integrity/Availability High). Android 16 security notes classify this en...
CVE-2025-48533
CVE-2025-48533 affects the Android Framework. A race condition in the lockscreen context menu can be exploited to perform local escalation of privilege by using apps linked from the context menu, without additional execution privileges or user interaction. The vulnerability is characterized as Eo...
CVE-2025-22432
CVE-2025-22432 affects the Android Framework (CallRedirectionProcessor.java). The root cause is improper input validation in notifyTimeout, which may create a persistent connection and enable local escalation of privilege, triggering background activity launches with User privileges and no user i...
CVE-2024-31328
CVE-2024-31328 is documented in Wear OS/Android Wear context. A logic error in the function broadcastIntentLockedTraced of BroadcastController.java may allow launching arbitrary activities from the background on the paired companion phone, resulting in local elevation of privilege without additio...
CVE-2026-0059
Technical details about CVE-2026-0059 are not publicly available in the provided documents; no affected products, versions, root cause, or mitigations are disclosed here. Monitor for updates.
CVE-2025-48539
CVE-2025-48539: In SendPacketToPeer of acl_arbiter.cc there is a possible out-of-bounds read due to a use-after-free, which could enable remote code execution with no additional privileges and no user interaction. Connected documents identify this as an Android System component issue with high se...
CVE-2025-48626
CVE-2025-48626 pertains to Google Android where a precondition check failure can allow launching an application from the background, enabling remote escalation of privilege without user interaction. Documented across multiple feeds (NVD, Red Hat advisory, CNVD, EUVD, OSV, CVE list, and regional b...
CVE-2024-0028
The CVE-2024-0028 entry describes an information-disclosure flaw in Android’s Audio Service where a missing permission check could let an attacker obtain the MAC addresses of nearby Bluetooth devices. This is a local issue with low attack complexity and no user interaction required, potentially e...
CVE-2025-32320
CVE-2025-32320 affects Android System UI and describes a confused-deputy issue that can lead to local elevation of privilege: an attacker could view other users’ images without extra execution privileges or user interaction. Affected component is Android System UI; root cause is improper access c...
CVE-2026-0076
CVE-2026-0076 describes an out-of-bounds read in validateNode of ResourceTypes.cpp, caused by an incorrect bounds check. This could enable local privilege escalation with no user interaction, per the included descriptions. Connected sources repeat this detail across multiple feeds (NVD/EUVD) with...
CVE-2026-0078
CVE-2026-0078 affects Android’s DevicePolicyManagerService (setGlobalProxy). The issue is a desync in persistence caused by improper input validation, enabling local privilege escalation with no extra execution privileges required. Exploitation is described as local and does not require user inte...
CVE-2026-0091
Technical details about CVE-2026-0091 are not publicly available in the provided documents. No affected products, versions, or remediation are specified here. Monitor the sources for updates.
CVE-2025-48621
CVE-2025-48621 is linked to the Android framework (DefaultTransitionHandler.java), where an insecure default could enable a tapjacking–driven local elevation of privilege. The issue requires user interaction to exploit and affects Android devices prior to patching. Public references note the vuln...
CVE-2026-0041
In the connected disclosures, CVE-2026-0041 is tied to an integer overflow in multiple functions of ubsan_throwing_runtime.cpp, causing a UBSan failure that can lead to remote denial of service without extra privileges or user interaction. PT-2026-4712 explicitly flags Chromium as affected, notin...
CVE-2025-48545
CVE-2025-48545 affects Android’s AccountManagerService.isSystemUid in AccountManagerService.java, enabling a confused deputy to let an app access privileged APIs. This constitutes local privilege escalation with no additional execution privileges and no user interaction required. Public details i...
CVE-2026-0012
CVE-2026-0012 affects Android’s ExpandableNotificationRow.java (setHideSensitive) with a logic error causing a local information disclosure of contact names. Exploitation requires no user interaction and grants no privileges beyond local access; the issue is classified as information disclosure (...
CVE-2026-0034
CVE-2026-0034 affects Android, arising from improper input validation in setPackageOrComponentEnabled within ManagedServices.java, causing a possible notification policy desync and local privilege elevation with no extra execution privileges or user interaction required. The issue is described ac...
CVE-2026-0087
CVE-2026-0087 : The connected sources identify a logic error in Android’s DomainVerificationService.java (approvalLevelForDomainInternal) that could allow hijacking an arbitrary app link, enabling local privilege escalation without user interaction. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:...
CVE-2025-48544
CVE-2025-48544 affects Google Android via a vulnerability in the MediaProvider component that allows reading files belonging to other apps due to SQL injection in multiple locations. The underlying issue enables local elevation of privilege with no additional execution privileges and without user...
CVE-2025-48558
CVE-2025-48558 affects the Android BatteryService.java component, where multiple functions could enable implicit intent hijacking of a system app. This yields local elevation of privilege without extra privileges or user interaction. The connected documents confirm the vulnerability type and impa...
CVE-2025-20787
CVE-2025-20787 describes a memory corruption through a use-after-free in the display path, potentially allowing local privilege escalation if an attacker already has System privileges. Exploitation reportedly does not require user interaction. The issue is associated with a patch ID ALPS10149879 ...
CVE-2025-32350
The CVE-2025-32350 issue affects Google Android Framework: in maybeShowDialog of ControlsSettingsDialogManager.kt there can be an overlay/tapjacking that causes a ControlsSettingsDialog to overlap, enabling local elevation of privilege without extra user interaction. The Android Security Bulletin...
CVE-2026-0055
CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...
CVE-2026-0077
CVE-2026-0077 is linked to Android’s ActivityRecord.java resumeConfigurationDispatch, where a logic error can trigger a background application launch (bal) and enable local privilege escalation without extra privileges or user interaction. Connected sources (NVD/Red Hat/NCSC EUVD, etc.) confirm t...
CVE-2026-28573
CVE-2026-28573 affects Android Wear OS via a Framework component vulnerability described as a local denial of service in AndroidManifest.xml due to a missing permission check. The CVE is characterized as high severity with a CVSSv4 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:I:H/CI:H/AI:H; impacts ...
CVE-2025-48540
CVE-2025-48540 describes a local elevation-of-privilege vulnerability in the Android stack caused by a logic error in processTransactInternal of RpcState.cpp, which can trigger a local out-of-memory write. Exploitation requires local access; no user interaction is needed. Public references in And...
CVE-2026-0098
Technical details (affected products, versions, exploit specifics, or mitigations) are not publicly available in the provided documents. Monitor for updates and rely on official advisories when they are published.
CVE-2025-20803
CVE-2025-20803 affects the dpe component. The issue is a memory corruption caused by an integer overflow that could allow local escalation of privilege when the attacker already has System privileges; exploitation requires user interaction. A patch is identified as ALPS10199779 (MSV-4504). Public...
CVE-2025-48522
CVE-2025-48522 is an elevation-of-privilege vulnerability in Android, caused by a logic error in the setDisplayName function of AssociationRequest.java that can allow an app to retain the CDM association. This can lead to local EoP with no additional execution privileges and requires no user inte...
CVE-2025-48528
CVE-2025-48528 describes a tapjacking/overlay vulnerability that could allow overlaying biometrics to achieve local privilege escalation with no user interaction. The Android Security Bulletin lists CVE-2025-48528 as a Framework issue with High severity and notes updated AOSP versions 15 and 16, ...
CVE-2025-48562
CVE-2025-48562 is an Android information-disclosure flaw caused by a logic error in the writeContent function of RemotePrintDocument.java. The issue can lead to local information disclosure without additional execution privileges, and exploitation requires user interaction. Multiple connected sou...
CVE-2026-0025
CVE-2026-0025 is a vulnerability in Android’s Notification.java hasImage path where a permissions bypass can leak information across users, enabling local privilege escalation with no extra execution privileges and no user interaction. Exploitation is local and no exploit details are provided in ...
CVE-2026-0048
Technical details for CVE-2026-0048 are not publicly provided in the supplied documents. The description notes a tapjacking/overlay issue with local privilege escalation, but no concrete affected products, versions, or fixes are disclosed. Monitor for updates.
CVE-2025-48529
The CVE-2025-48529 issue affects VoicemailNotificationSettingsUtil.java, specifically the setRingtoneUri function, causing a cross-user data leak (confused deputy) that can disclose local information without extra privileges. Exploitation requires no user interaction and is local. The connected d...
CVE-2025-48553
CVE-2025-48553 impacts Android’s DevicePolicyManagerService.java, where a logic error in handlePackagesChanged can cause a denial-of-service on a device admin, enabling local privilege escalation without extra execution privileges or user interaction. The issue is documented across multiple sourc...
CVE-2026-0079
Technical details about CVE-2026-0079 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-0080
Technical details are not publicly available in the provided documents; no affected products, versions, vectors, or mitigations are specified. Monitor for updates.
CVE-2025-48537
CVE-2025-48537 affects Google Android and is described as a locally exploitable DoS due to improper input validation in multiple locations, which can also lead to local information disclosure without additional privileges or user interaction. Android security bulletins associate this and related ...