Vendor CVEs
All CVEs
11,473 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-26420 | 0.00 | — | 0.00 | Sep 4, 2025 | In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction… | |||
| CVE-2025-22425 | 0.00 | — | 0.00 | Sep 4, 2025 | In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||
| CVE-2025-0087 | 0.00 | — | 0.00 | Sep 4, 2025 | In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2025-0077 | 0.00 | — | 0.00 | Sep 4, 2025 | In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-49739 | 0.00 | — | 0.00 | Sep 4, 2025 | In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-35657 | 0.00 | — | 0.00 | Sep 4, 2025 | In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36887 | 0.00 | — | 0.00 | Sep 4, 2025 | In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2024-56190 | 0.00 | — | 0.00 | Sep 4, 2025 | In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-56189 | 0.00 | — | 0.00 | Sep 4, 2025 | In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2025-36909 | 0.00 | — | 0.00 | Sep 4, 2025 | Information disclosure | |||
| CVE-2025-36908 | 0.00 | — | 0.00 | Sep 4, 2025 | In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36907 | 0.00 | — | 0.00 | Sep 4, 2025 | In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User… | |||
| CVE-2025-36906 | 0.00 | — | 0.00 | Sep 4, 2025 | In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36905 | 0.00 | — | 0.00 | Sep 4, 2025 | In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36904 | 0.00 | — | 0.00 | Sep 4, 2025 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. | |||
| CVE-2025-36903 | 0.00 | — | 0.00 | Sep 4, 2025 | In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36902 | 0.00 | — | 0.00 | Sep 4, 2025 | In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36901 | 0.00 | — | 0.00 | Sep 4, 2025 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223. | |||
| CVE-2025-36900 | 0.00 | — | 0.00 | Sep 4, 2025 | In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36899 | 0.00 | — | 0.00 | Sep 4, 2025 | There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36898 | 0.00 | — | 0.00 | Sep 4, 2025 | There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36897 | 0.00 | — | 0.00 | Sep 4, 2025 | In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36896 | 0.00 | — | 0.00 | Sep 4, 2025 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. | |||
| CVE-2025-36895 | 0.00 | — | 0.00 | Sep 4, 2025 | Information disclosure | |||
| CVE-2025-36894 | 0.00 | — | 0.00 | Sep 4, 2025 | In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36893 | 0.00 | — | 0.00 | Sep 4, 2025 | In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36892 | 0.00 | — | 0.00 | Sep 4, 2025 | Denial of service | |||
| CVE-2025-36891 | 0.00 | — | 0.00 | Sep 4, 2025 | Elevation of privilege | |||
| CVE-2025-36890 | 0.00 | — | 0.00 | Sep 4, 2025 | Elevation of Privilege | |||
| CVE-2025-9867 | 0.00 | — | 0.00 | Sep 3, 2025 | Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-9866 | 0.00 | — | 0.00 | Sep 3, 2025 | Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-9865 | 0.00 | — | 0.00 | Sep 3, 2025 | Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-26416 | 0.00 | — | 0.00 | Sep 2, 2025 | In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-22442 | 0.00 | — | 0.00 | Sep 2, 2025 | In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User… | |||
| CVE-2025-22439 | 0.00 | — | 0.00 | Sep 2, 2025 | In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed… | |||
| CVE-2025-22438 | 0.00 | — | 0.00 | Sep 2, 2025 | In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-22437 | 0.00 | — | 0.00 | Sep 2, 2025 | In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed… | |||
| CVE-2025-22435 | 0.00 | — | 0.00 | Sep 2, 2025 | In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-22434 | 0.00 | — | 0.00 | Sep 2, 2025 | In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-22433 | 0.00 | — | 0.00 | Sep 2, 2025 | In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges… | |||
| CVE-2025-22431 | 0.00 | — | 0.00 | Sep 2, 2025 | In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges… | |||
| CVE-2025-22430 | 0.00 | — | 0.00 | Sep 2, 2025 | In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-22429 | 0.00 | — | 0.00 | Sep 2, 2025 | In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-22428 | 0.00 | — | 0.00 | Sep 2, 2025 | In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution… | |||
| CVE-2025-22427 | 0.00 | — | 0.00 | Sep 2, 2025 | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User… | |||
| CVE-2025-22423 | 0.00 | — | 0.00 | Sep 2, 2025 | In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-22422 | 0.00 | — | 0.00 | Sep 2, 2025 | In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges… | |||
| CVE-2025-22421 | 0.00 | — | 0.00 | Sep 2, 2025 | In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User… | |||
| CVE-2025-22419 | 0.00 | — | 0.00 | Sep 2, 2025 | In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for… | |||
| CVE-2025-22418 | 0.00 | — | 0.00 | Sep 2, 2025 | In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
- CVE-2025-26420Sep 4, 2025risk 0.00cvss —epss 0.00
In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…
- CVE-2025-22425Sep 4, 2025risk 0.00cvss —epss 0.00
In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2025-0087Sep 4, 2025risk 0.00cvss —epss 0.00
In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2025-0077Sep 4, 2025risk 0.00cvss —epss 0.00
In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-49739Sep 4, 2025risk 0.00cvss —epss 0.00
In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-35657Sep 4, 2025risk 0.00cvss —epss 0.00
In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36887Sep 4, 2025risk 0.00cvss —epss 0.00
In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2024-56190Sep 4, 2025risk 0.00cvss —epss 0.00
In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-56189Sep 4, 2025risk 0.00cvss —epss 0.00
In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for…
- CVE-2025-36909Sep 4, 2025risk 0.00cvss —epss 0.00
Information disclosure
- CVE-2025-36908Sep 4, 2025risk 0.00cvss —epss 0.00
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36907Sep 4, 2025risk 0.00cvss —epss 0.00
In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User…
- CVE-2025-36906Sep 4, 2025risk 0.00cvss —epss 0.00
In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36905Sep 4, 2025risk 0.00cvss —epss 0.00
In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36904Sep 4, 2025risk 0.00cvss —epss 0.00
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.
- CVE-2025-36903Sep 4, 2025risk 0.00cvss —epss 0.00
In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36902Sep 4, 2025risk 0.00cvss —epss 0.00
In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36901Sep 4, 2025risk 0.00cvss —epss 0.00
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.
- CVE-2025-36900Sep 4, 2025risk 0.00cvss —epss 0.00
In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36899Sep 4, 2025risk 0.00cvss —epss 0.00
There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36898Sep 4, 2025risk 0.00cvss —epss 0.00
There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36897Sep 4, 2025risk 0.00cvss —epss 0.00
In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36896Sep 4, 2025risk 0.00cvss —epss 0.00
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.
- CVE-2025-36895Sep 4, 2025risk 0.00cvss —epss 0.00
Information disclosure
- CVE-2025-36894Sep 4, 2025risk 0.00cvss —epss 0.00
In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36893Sep 4, 2025risk 0.00cvss —epss 0.00
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36892Sep 4, 2025risk 0.00cvss —epss 0.00
Denial of service
- CVE-2025-36891Sep 4, 2025risk 0.00cvss —epss 0.00
Elevation of privilege
- CVE-2025-36890Sep 4, 2025risk 0.00cvss —epss 0.00
Elevation of Privilege
- CVE-2025-9867Sep 3, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-9866Sep 3, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-9865Sep 3, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-26416Sep 2, 2025risk 0.00cvss —epss 0.00
In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-22442Sep 2, 2025risk 0.00cvss —epss 0.00
In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- CVE-2025-22439Sep 2, 2025risk 0.00cvss —epss 0.00
In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed…
- CVE-2025-22438Sep 2, 2025risk 0.00cvss —epss 0.00
In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-22437Sep 2, 2025risk 0.00cvss —epss 0.00
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
- CVE-2025-22435Sep 2, 2025risk 0.00cvss —epss 0.00
In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-22434Sep 2, 2025risk 0.00cvss —epss 0.00
In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-22433Sep 2, 2025risk 0.00cvss —epss 0.00
In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…
- CVE-2025-22431Sep 2, 2025risk 0.00cvss —epss 0.00
In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges…
- CVE-2025-22430Sep 2, 2025risk 0.00cvss —epss 0.00
In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-22429Sep 2, 2025risk 0.00cvss —epss 0.00
In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-22428Sep 2, 2025risk 0.00cvss —epss 0.00
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution…
- CVE-2025-22427Sep 2, 2025risk 0.00cvss —epss 0.00
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- CVE-2025-22423Sep 2, 2025risk 0.00cvss —epss 0.00
In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-22422Sep 2, 2025risk 0.00cvss —epss 0.00
In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…
- CVE-2025-22421Sep 2, 2025risk 0.00cvss —epss 0.00
In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User…
- CVE-2025-22419Sep 2, 2025risk 0.00cvss —epss 0.00
In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…
- CVE-2025-22418Sep 2, 2025risk 0.00cvss —epss 0.00
In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Page 184 of 230