Lucene search
K
GoogleAndroid16.0

287 matches found

CVE
CVE
added 2025/11/18 4:51 a.m.581 views

CVE-2025-48593

The CVE-2025-48593 entry concerns a remote code execution flaw in Android’s system code, specifically within the bta_hf_client_main.cc path (bta_hf_client_cb_init). The root cause is a missing bounds check during processing of network packets, enabling a buffer overflow via memcpy into a fixed-si...

8CVSS7.5AI score0.00911EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.510 views

CVE-2025-48595

CVE-2025-48595 is an Android Framework vulnerability involving an integer overflow that could enable code execution and local privilege escalation without user interaction. The Android Security Bulletin (June 2026) lists this CVE under Framework in the 2026-06-01 patch level with an overall high/...

8.4CVSS6.3AI score0.01714EPSS
In wild
CVE
CVE
added 2025/09/04 6:17 p.m.494 views

CVE-2025-48530

CVE-2025-48530 affects the Android System component. It arises from out-of-bounds access due to incorrect bounds checking in multiple locations, enabling remote code execution with no extra privileges and no user interaction. The issue is characterized as a global Android risk in the System table...

8.1CVSS7.5AI score0.00498EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.478 views

CVE-2025-48543

The CVE-2025-48543 entry describes a use-after-free vulnerability in the Android Runtime (ART) that can escape the Chrome sandbox to attack system_server, enabling local privilege escalation without user interaction. Affected scope per sources includes ART-related code paths in Android 13–16, wit...

8.8CVSS6.5AI score0.00545EPSS
In wild
CVE
CVE
added 2025/09/04 6:34 p.m.113 views

CVE-2025-48581

CVE-2025-48581 corresponds to a logic error in the Android system component apexd.cpp, within the VerifyNoOverlapInSessions function, that can block security updates. The impact is local privilege escalation with no additional execution privileges required and no user interaction needed for explo...

8.4CVSS7.5AI score0.00184EPSS
CVE
CVE
added 2026/03/02 6:43 p.m.109 views

CVE-2026-0047

In Android, CVE-2026-0047 relates to a missing permission check in ActivityManagerService.java’s dumpBitmapsProto, allowing an app to access private information and achieve local privilege escalation with no extra execution privileges or user interaction required. The description notes a local es...

8.4CVSS6.1AI score0.00138EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.108 views

CVE-2025-48572

CVE-2025-48572 is an Android Framework privilege-escalation vulnerability. It stems from improper input validation in the Framework component, allowing a local application to launch activities from background and execute arbitrary code with elevated privileges. Affected products are Android devic...

7.8CVSS6.5AI score0.00232EPSS
In wild
CVE
CVE
added 2026/03/02 8:39 a.m.104 views

CVE-2026-20435

CVE-2026-20435 concerns a logic error in the preloader of MediaTek-based devices that allows reading device unique identifiers. The vulnerability can enable local information disclosure with physical access and no required user interaction or execution privileges. Affected component: preloader; u...

4.6CVSS6.1AI score0.00115EPSS
CVE
CVE
added 2026/04/06 6:20 p.m.102 views

CVE-2026-0049

CVE-2026-0049 centers on the Android Framework component LocalImageResolver.java, with the root cause in onHeaderDecoded leading to resource exhaustion and a possible persistent denial-of-service. Exploitation is local and does not require user interaction. Public references consistently describe...

6.2CVSS6AI score0.00101EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.90 views

CVE-2026-0097

Technical details about CVE-2026-0097 are not publicly available in the provided documents. Monitor for updates from sources such as the Android bulletin and NVD.

8CVSS5.9AI score0.00121EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.65 views

CVE-2026-0006

CVE-2026-0006 is a heap-based out-of-bounds read/write vulnerability that can lead to remote code execution with no user interaction. It is listed under Android System as affected, with an updated AOSP version set to 16 and mitigation via security patch levels 2026-03-01 or later (Android 16-era ...

9.8CVSS6.7AI score0.00581EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.60 views

CVE-2025-48633

CVE-2025-48633 concerns a logic error in Android Framework related to DevicePolicyManagerService.hasAccountsOnAnyUser, enabling a local attacker to add a Device Owner after provisioning and escalate privileges without user interaction. Connected sources (EUVD-2025-201737; Android Security Bulleti...

5.5CVSS6.5AI score0.00249EPSS
In wild
CVE
CVE
added 2025/09/05 4:10 p.m.59 views

CVE-2025-32318

CVE-2025-32318: A heap buffer overflow in Skia can cause an out-of-bounds write, enabling remote elevation of privilege with no user interaction. CVSSv3.1: 8.8 (Network, Low evidence required, Privileges Low, Confidentiality/Integrity/Availability High). Android 16 security notes classify this en...

8.8CVSS7.1AI score0.00278EPSS
CVE
CVE
added 2025/09/04 6:17 p.m.57 views

CVE-2025-48533

CVE-2025-48533 affects the Android Framework. A race condition in the lockscreen context menu can be exploited to perform local escalation of privilege by using apps linked from the context menu, without additional execution privileges or user interaction. The vulnerability is characterized as Eo...

7CVSS6.2AI score0.00083EPSS
CVE
CVE
added 2025/12/08 4:56 p.m.56 views

CVE-2025-22432

CVE-2025-22432 affects the Android Framework (CallRedirectionProcessor.java). The root cause is improper input validation in notifyTimeout, which may create a persistent connection and enable local escalation of privilege, triggering background activity launches with User privileges and no user i...

6.7CVSS6.4AI score0.00097EPSS
CVE
CVE
added 2026/03/02 7:2 p.m.54 views

CVE-2024-31328

CVE-2024-31328 is documented in Wear OS/Android Wear context. A logic error in the function broadcastIntentLockedTraced of BroadcastController.java may allow launching arbitrary activities from the background on the paired companion phone, resulting in local elevation of privilege without additio...

8.8CVSS6.2AI score0.00115EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.54 views

CVE-2026-0059

Technical details about CVE-2026-0059 are not publicly available in the provided documents; no affected products, versions, root cause, or mitigations are disclosed here. Monitor for updates.

8CVSS6.5AI score0.00114EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.51 views

CVE-2025-48539

CVE-2025-48539: In SendPacketToPeer of acl_arbiter.cc there is a possible out-of-bounds read due to a use-after-free, which could enable remote code execution with no additional privileges and no user interaction. Connected documents identify this as an Android System component issue with high se...

8CVSS6.9AI score0.00244EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.51 views

CVE-2025-48626

CVE-2025-48626 pertains to Google Android where a precondition check failure can allow launching an application from the background, enabling remote escalation of privilege without user interaction. Documented across multiple feeds (NVD, Red Hat advisory, CNVD, EUVD, OSV, CVE list, and regional b...

9.8CVSS7AI score0.00343EPSS
CVE
CVE
added 2025/09/05 4:10 p.m.50 views

CVE-2024-0028

The CVE-2024-0028 entry describes an information-disclosure flaw in Android’s Audio Service where a missing permission check could let an attacker obtain the MAC addresses of nearby Bluetooth devices. This is a local issue with low attack complexity and no user interaction required, potentially e...

5.5CVSS6.2AI score0.0007EPSS
CVE
CVE
added 2025/09/05 4:10 p.m.49 views

CVE-2025-32320

CVE-2025-32320 affects Android System UI and describes a confused-deputy issue that can lead to local elevation of privilege: an attacker could view other users’ images without extra execution privileges or user interaction. Affected component is Android System UI; root cause is improper access c...

7.8CVSS6.2AI score0.00073EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.49 views

CVE-2026-0076

CVE-2026-0076 describes an out-of-bounds read in validateNode of ResourceTypes.cpp, caused by an incorrect bounds check. This could enable local privilege escalation with no user interaction, per the included descriptions. Connected sources repeat this detail across multiple feeds (NVD/EUVD) with...

7.8CVSS5.9AI score0.00079EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.49 views

CVE-2026-0078

CVE-2026-0078 affects Android’s DevicePolicyManagerService (setGlobalProxy). The issue is a desync in persistence caused by improper input validation, enabling local privilege escalation with no extra execution privileges required. Exploitation is described as local and does not require user inte...

7.8CVSS5.9AI score0.00079EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.47 views

CVE-2026-0091

Technical details about CVE-2026-0091 are not publicly available in the provided documents. No affected products, versions, or remediation are specified here. Monitor the sources for updates.

7.8CVSS6.1AI score0.00067EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.45 views

CVE-2025-48621

CVE-2025-48621 is linked to the Android framework (DefaultTransitionHandler.java), where an insecure default could enable a tapjacking–driven local elevation of privilege. The issue requires user interaction to exploit and affects Android devices prior to patching. Public references note the vuln...

7.3CVSS6.5AI score0.00125EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.44 views

CVE-2026-0041

In the connected disclosures, CVE-2026-0041 is tied to an integer overflow in multiple functions of ubsan_throwing_runtime.cpp, causing a UBSan failure that can lead to remote denial of service without extra privileges or user interaction. PT-2026-4712 explicitly flags Chromium as affected, notin...

6.5CVSS6AI score0.00253EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.43 views

CVE-2025-48545

CVE-2025-48545 affects Android’s AccountManagerService.isSystemUid in AccountManagerService.java, enabling a confused deputy to let an app access privileged APIs. This constitutes local privilege escalation with no additional execution privileges and no user interaction required. Public details i...

7.1CVSS6AI score0.00088EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.43 views

CVE-2026-0012

CVE-2026-0012 affects Android’s ExpandableNotificationRow.java (setHideSensitive) with a logic error causing a local information disclosure of contact names. Exploitation requires no user interaction and grants no privileges beyond local access; the issue is classified as information disclosure (...

6.2CVSS6.1AI score0.001EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.43 views

CVE-2026-0034

CVE-2026-0034 affects Android, arising from improper input validation in setPackageOrComponentEnabled within ManagedServices.java, causing a possible notification policy desync and local privilege elevation with no extra execution privileges or user interaction required. The issue is described ac...

8.4CVSS6.1AI score0.00096EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.42 views

CVE-2026-0087

CVE-2026-0087 : The connected sources identify a logic error in Android’s DomainVerificationService.java (approvalLevelForDomainInternal) that could allow hijacking an arbitrary app link, enabling local privilege escalation without user interaction. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:...

7.8CVSS6AI score0.00082EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.40 views

CVE-2025-48544

CVE-2025-48544 affects Google Android via a vulnerability in the MediaProvider component that allows reading files belonging to other apps due to SQL injection in multiple locations. The underlying issue enables local elevation of privilege with no additional execution privileges and without user...

7.8CVSS6.9AI score0.00095EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.40 views

CVE-2025-48558

CVE-2025-48558 affects the Android BatteryService.java component, where multiple functions could enable implicit intent hijacking of a system app. This yields local elevation of privilege without extra privileges or user interaction. The connected documents confirm the vulnerability type and impa...

7.8CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2026/01/06 1:47 a.m.39 views

CVE-2025-20787

CVE-2025-20787 describes a memory corruption through a use-after-free in the display path, potentially allowing local privilege escalation if an attacker already has System privileges. Exploitation reportedly does not require user interaction. The issue is associated with a patch ID ALPS10149879 ...

6.7CVSS6.5AI score0.00072EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.39 views

CVE-2025-32350

The CVE-2025-32350 issue affects Google Android Framework: in maybeShowDialog of ControlsSettingsDialogManager.kt there can be an overlay/tapjacking that causes a ControlsSettingsDialog to overlap, enabling local elevation of privilege without extra user interaction. The Android Security Bulletin...

7.8CVSS6.3AI score0.00081EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.39 views

CVE-2026-0055

CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...

6.2CVSS6AI score0.00084EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.39 views

CVE-2026-0077

CVE-2026-0077 is linked to Android’s ActivityRecord.java resumeConfigurationDispatch, where a logic error can trigger a background application launch (bal) and enable local privilege escalation without extra privileges or user interaction. Connected sources (NVD/Red Hat/NCSC EUVD, etc.) confirm t...

7.8CVSS5.9AI score0.00082EPSS
CVE
CVE
added 2026/06/18 6:29 a.m.39 views

CVE-2026-28573

CVE-2026-28573 affects Android Wear OS via a Framework component vulnerability described as a local denial of service in AndroidManifest.xml due to a missing permission check. The CVE is characterized as high severity with a CVSSv4 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:I:H/CI:H/AI:H; impacts ...

10CVSS5.6AI score0.00138EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.38 views

CVE-2025-48540

CVE-2025-48540 describes a local elevation-of-privilege vulnerability in the Android stack caused by a logic error in processTransactInternal of RpcState.cpp, which can trigger a local out-of-memory write. Exploitation requires local access; no user interaction is needed. Public references in And...

7.8CVSS6.4AI score0.00091EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.38 views

CVE-2026-0098

Technical details (affected products, versions, exploit specifics, or mitigations) are not publicly available in the provided documents. Monitor for updates and rely on official advisories when they are published.

7.8CVSS5.9AI score0.00068EPSS
CVE
CVE
added 2026/01/06 1:47 a.m.37 views

CVE-2025-20803

CVE-2025-20803 affects the dpe component. The issue is a memory corruption caused by an integer overflow that could allow local escalation of privilege when the attacker already has System privileges; exploitation requires user interaction. A patch is identified as ALPS10199779 (MSV-4504). Public...

6.7CVSS6.5AI score0.00079EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.37 views

CVE-2025-48522

CVE-2025-48522 is an elevation-of-privilege vulnerability in Android, caused by a logic error in the setDisplayName function of AssociationRequest.java that can allow an app to retain the CDM association. This can lead to local EoP with no additional execution privileges and requires no user inte...

7.8CVSS6.3AI score0.00093EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.37 views

CVE-2025-48528

CVE-2025-48528 describes a tapjacking/overlay vulnerability that could allow overlaying biometrics to achieve local privilege escalation with no user interaction. The Android Security Bulletin lists CVE-2025-48528 as a Framework issue with High severity and notes updated AOSP versions 15 and 16, ...

4CVSS6.4AI score0.00086EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.37 views

CVE-2025-48562

CVE-2025-48562 is an Android information-disclosure flaw caused by a logic error in the writeContent function of RemotePrintDocument.java. The issue can lead to local information disclosure without additional execution privileges, and exploitation requires user interaction. Multiple connected sou...

5CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.37 views

CVE-2026-0025

CVE-2026-0025 is a vulnerability in Android’s Notification.java hasImage path where a permissions bypass can leak information across users, enabling local privilege escalation with no extra execution privileges and no user interaction. Exploitation is local and no exploit details are provided in ...

8.4CVSS6.1AI score0.00102EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.37 views

CVE-2026-0048

Technical details for CVE-2026-0048 are not publicly provided in the supplied documents. The description notes a tapjacking/overlay issue with local privilege escalation, but no concrete affected products, versions, or fixes are disclosed. Monitor for updates.

6.8CVSS5.9AI score0.00075EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.36 views

CVE-2025-48529

The CVE-2025-48529 issue affects VoicemailNotificationSettingsUtil.java, specifically the setRingtoneUri function, causing a cross-user data leak (confused deputy) that can disclose local information without extra privileges. Exploitation requires no user interaction and is local. The connected d...

5.5CVSS5AI score0.0008EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.36 views

CVE-2025-48553

CVE-2025-48553 impacts Android’s DevicePolicyManagerService.java, where a logic error in handlePackagesChanged can cause a denial-of-service on a device admin, enabling local privilege escalation without extra execution privileges or user interaction. The issue is documented across multiple sourc...

7.8CVSS6.3AI score0.00086EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.36 views

CVE-2026-0079

Technical details about CVE-2026-0079 are not publicly available in the provided documents. Monitor for updates.

5.5CVSS6AI score0.00071EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.36 views

CVE-2026-0080

Technical details are not publicly available in the provided documents; no affected products, versions, vectors, or mitigations are specified. Monitor for updates.

6.5CVSS6AI score0.00265EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.35 views

CVE-2025-48537

CVE-2025-48537 affects Google Android and is described as a locally exploitable DoS due to improper input validation in multiple locations, which can also lead to local information disclosure without additional privileges or user interaction. Android security bulletins associate this and related ...

7.1CVSS5.2AI score0.00086EPSS
Total number of security vulnerabilities287