Total
8649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34739 | 1 Google | 1 Android | 2025-09-11 | N/A | 7.8 HIGH |
| In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-9695 | 2 Galleryvault, Google | 2 Gallery Vault, Android | 2025-09-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | |||||
| CVE-2025-48562 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.0 MEDIUM |
| In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-48561 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-20356 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 | |||||
| CVE-2024-56189 | 1 Google | 1 Android | 2025-09-08 | N/A | 6.5 MEDIUM |
| In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36906 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26456 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0089 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32345 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48522 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48546 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48547 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.3 HIGH |
| In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-32320 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32318 | 1 Google | 1 Android | 2025-09-08 | N/A | 8.8 HIGH |
| In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32317 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32316 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26461 | 1 Google | 1 Android | 2025-09-08 | N/A | 3.3 LOW |
| In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26434 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0028 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||