Skip to main content

Android

7243 CVEs product

Monthly

CVE-2025-48613 HIGH This Week

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48609 CRITICAL Act Now

Android MmsProvider has a vulnerability allowing arbitrary file deletion through improper handling of MMS data, potentially causing data loss on mobile devices.

Denial Of Service Path Traversal Android Google
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-48605 HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48602 HIGH This Week

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48587 MEDIUM This Month

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 6.2 MEDIUM]

Denial Of Service Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-48585 MEDIUM This Month

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 6.2 MEDIUM]

Denial Of Service Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-48582 HIGH This Week

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48579 HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48578 HIGH This Week

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48577 HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-48574 HIGH This Week

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48568 HIGH This Week

In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-48567 HIGH This Week

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32313 HIGH This Week

In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-43766 MEDIUM This Month

Android versions up to 14.0 is affected by cleartext transmission of sensitive information (CVSS 6.5).

Information Disclosure Android Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-31328 HIGH This Week

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-20445 MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to local denial of service if a malicious actor has already obtained the System pri (CVSS 4.4).

Denial Of Service Race Condition Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20444 MEDIUM This Month

Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20443 MEDIUM This Month

Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20442 MEDIUM This Month

Android's display subsystem crashes due to a use-after-free memory error that allows a privileged local attacker to trigger a denial of service without user interaction. Exploitation requires pre-existing system-level access, limiting impact to scenarios where an attacker has already compromised the device at the highest privilege level. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20441 MEDIUM This Month

Android's MAE component contains an out-of-bounds write vulnerability due to insufficient bounds checking that enables local privilege escalation for attackers with existing system-level access. This memory corruption flaw requires no user interaction and could allow a privileged malicious actor to achieve arbitrary code execution, though exploitation is currently not publicly documented. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20440 MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20439 MEDIUM This Month

Android's imgsys component is vulnerable to a use-after-free condition that enables local denial of service attacks. Exploitation requires system-level privileges and causes immediate system crashes without user interaction. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20438 MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-20437 MEDIUM This Month

Android MAE component is vulnerable to a use-after-free condition that can trigger a system crash, resulting in denial of service for devices where an attacker has already obtained system-level privileges. No user interaction is required for exploitation. Currently, no patch is available for this vulnerability.

Use After Free Denial Of Service Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20435 MEDIUM This Month

Device unique identifiers in the preloader of Openwrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.

Information Disclosure Openwrt Android Yocto Rdk B +2
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20429 MEDIUM This Month

Android's display component fails to validate buffer boundaries during read operations, allowing a system-privileged attacker to access sensitive memory contents without user interaction. This out-of-bounds read vulnerability enables local information disclosure to any malicious process running with System privileges. No patch is currently available to address this issue.

Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20428 MEDIUM This Month

Improper bounds checking in Android's display subsystem enables local privilege escalation for attackers with system-level access, potentially allowing them to execute arbitrary code with elevated privileges. The vulnerability stems from an out-of-bounds write condition that requires no user interaction to exploit. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20427 MEDIUM This Month

Android's display subsystem contains a buffer overflow vulnerability stemming from insufficient bounds validation, allowing attackers with system-level privileges to escalate their access further without user interaction. This local privilege escalation affects Android devices and requires an attacker to already possess system privileges, limiting the immediate threat scope. While no patch is currently available, the vulnerability poses a significant risk in multi-user or containerized Android environments where system compromise could lead to complete device control.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20426 MEDIUM This Month

Android's display component contains an out-of-bounds write vulnerability due to insufficient bounds checking that could allow a system-privileged attacker to escalate privileges without user interaction. The vulnerability affects devices where an adversary has already obtained system-level access, enabling potential memory corruption and further privilege elevation. No patch is currently available.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20425 MEDIUM This Month

Android's display module contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling local privilege escalation for attackers who already possess System-level access. The vulnerability requires no user interaction and could allow complete system compromise through memory corruption. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20424 MEDIUM This Month

Android's display component contains an out-of-bounds read vulnerability stemming from insufficient bounds validation, allowing system-privileged attackers to disclose sensitive memory contents without user interaction. The vulnerability requires pre-existing system-level access but poses a high confidentiality risk through local information disclosure. No patch is currently available.

Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20416 HIGH This Week

Local privilege escalation in Android's PCIe driver allows system-level attackers to execute arbitrary code through an out-of-bounds write caused by insufficient bounds validation. Exploitation requires pre-existing system privileges but no user interaction, enabling a compromised system component to gain complete device control. No patch is currently available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-27510 CRITICAL POC Act Now

Remote control vulnerability in Unitree Go2 robot dog firmware 1.1.7-1.1.11. The companion Android app allows remote attackers to take control of the robot. PoC available.

Android Python RCE SQLi Go2 Firmware
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-24004 Go MEDIUM PATCH This Month

Fleet's Android MDM Pub/Sub endpoint fails to authenticate requests prior to version 4.80.1, allowing unauthenticated attackers to remotely trigger device unenrollment and remove Android devices from management. The vulnerability has limited impact, affecting only device management continuity without providing access to Fleet itself or device data. Organizations running vulnerable versions should upgrade immediately or disable Android MDM until patching is possible.

Android Fleet Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-26327 npm MEDIUM PATCH This Month

OpenClaw's mDNS/Bonjour discovery beacons transmit unauthenticated TXT records that iOS, macOS, and Android clients treat as authoritative for routing and TLS certificate pinning, allowing an attacker on a shared LAN to advertise a rogue service and redirect connections to attacker-controlled endpoints. An attacker can exploit this to bypass TLS pinning validation and potentially capture Gateway credentials through man-in-the-middle attacks. The vulnerability affects OpenClaw versions prior to 2026.2.14 and requires network proximity but no user interaction.

macOS Android iOS TLS AI / ML +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23194 Monitor

In the Linux kernel, the following vulnerability has been resolved: rust_binder: correctly handle FDA objects of length zero Fix a bug where an empty FDA (fd array) object with 0 fds would cause an out-of-bounds error.

Linux Android Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23128 MEDIUM PATCH This Month

The Linux kernel's ARM64 hibernation resume function fails to disable Control Flow Integrity (CFI) checking, causing a data abort exception when resuming from hibernation on affected systems. A local attacker with hibernation access could trigger a denial of service by invoking the resume function without proper CFI validation. This affects Linux kernel deployments on ARM64 architecture, though no patch is currently available.

Linux Information Disclosure Google Linux Kernel Android +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-1578 This Week

HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

Android XSS
NVD
EPSS
0.0%
CVE-2026-0391 MEDIUM PATCH This Month

Edge Chromium is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).

Microsoft Android Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0106 CRITICAL Act Now

Missing bounds check in Android VPU (Video Processing Unit) driver's vpu_mmap allows arbitrary address memory mapping, potentially leading to local privilege escalation on Android devices.

Privilege Escalation Android Google
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-20983 HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to launch arbitrary activity with Samsung Dialer privilege (CVSS 7.8).

Samsung Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20982 MEDIUM This Month

Android ShortcutService path traversal vulnerability prior to the February 2026 SMR Release 1 enables privileged local attackers to create files with system-level privileges. The vulnerability requires high-level authentication and does not affect confidentiality significantly, but could allow attackers to modify system files or degrade availability. No patch is currently available.

Path Traversal Android
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-20981 MEDIUM This Month

Arbitrary command execution with system privileges in Android's FacAtFunction component allows a privileged physical attacker to bypass input validation controls prior to the February 2026 Security Maintenance Release 1. An adversary with physical access and elevated privileges can exploit this vulnerability to execute arbitrary commands at the system level. No patch is currently available.

RCE Android
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-20980 MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to execute arbitrary commands (CVSS 6.8).

RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20979 HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to launch arbitrary activity with Settings privilege (CVSS 7.8).

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20978 MEDIUM This Month

Android versions up to 13.0 contains a vulnerability that allows attackers to bypass the persistence configuration of the application (CVSS 6.1).

Authentication Bypass Android
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20977 MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to interrupt its functioning (CVSS 5.5).

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20417 MEDIUM This Month

Local privilege escalation in Android's PCIe driver stems from an out-of-bounds write vulnerability caused by insufficient bounds validation, allowing attackers with system-level privileges to escalate their access without user interaction. This medium-severity vulnerability (CVSS 5.3) affects Android devices and currently has no available patch. The CWE-787 vulnerability requires an attacker to already possess system privileges, limiting the immediate exploitation scope.

Privilege Escalation Android Google
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20415 MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local denial of service if a malicious actor has already obtained the System pri (CVSS 5.5).

Memory Corruption Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20414 MEDIUM This Month

Android's imgsys component contains a use-after-free vulnerability that allows privilege escalation when exploited by an attacker who already has system-level access. The flaw requires no user interaction and could enable a malicious actor to escalate their privileges further within the device. Currently, no patch is available to address this vulnerability.

Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20413 MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20412 HIGH This Week

The Android cameraisp component contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling privilege escalation for attackers who have already gained system-level access. No user interaction is required for exploitation, and the vulnerability affects confidentiality, integrity, and availability of the device. No patch is currently available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20411 HIGH This Week

A use-after-free vulnerability in Android's cameraisp component allows privilege escalation to local denial of service for attackers with system-level access, requiring no user interaction. The flaw enables malicious actors to manipulate memory safety boundaries and execute arbitrary actions within the camera service context. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20410 MEDIUM This Month

Local privilege escalation in Android's imgsys component allows system-level processes to achieve full system compromise through an out-of-bounds write caused by insufficient bounds validation. An attacker with existing system privileges can exploit this flaw without user interaction to gain complete control over the affected device. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20409 HIGH This Week

An out-of-bounds write vulnerability in Android's imgsys component allows a local attacker with system-level privileges to escalate permissions and gain complete control over the device due to insufficient bounds checking. The vulnerability requires no user interaction and cannot be patched in current versions. This affects Android devices where an attacker has already obtained elevated system access.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24490 PyPI HIGH POC PATCH This Week

MobSF versions prior to 4.4.5 are vulnerable to stored XSS through unsanitized rendering of Android manifest attributes in HTML reports, allowing attackers to inject malicious JavaScript by uploading crafted APK files. Public exploit code exists for this vulnerability, and successful exploitation enables session hijacking and account takeover of security analysts using the framework. Upgrade to version 4.4.5 or later to remediate.

Android XSS Mobile Security Framework
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0906 CRITICAL PATCH Act Now

Chrome for Android prior to 144.0.7559.59 has a security UI spoofing vulnerability that allows remote attackers to display misleading security indicators.

Google Android Chrome Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0901 MEDIUM PATCH This Month

Chrome versions up to 144.0.7559.59 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).

Google Android Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-48647 HIGH This Week

In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36911 HIGH POC This Week

Android versions up to - contains a vulnerability that allows attackers to remote (proximal/adjacent) information disclosure of user's conversations and lo (CVSS 7.1).

Information Disclosure Android Google
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-22694 MEDIUM PATCH This Month

Incomplete validation of passkey requests in AliasVault Android versions 0.24.0-0.25.2 allows a locally installed malicious application to obtain passkey responses for unauthorized websites by bypassing checks on calling app identity, origin, and RP ID. An attacker with local access could leverage this to gain unauthorized access to user accounts on targeted services. The vulnerability has been patched in version 0.25.3.

Android Aliasvault
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-14317 Monitor

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a `loyaltyGuestId` parameter. Server does not verify the permissions required to obtain the data.

Android
NVD
EPSS
0.0%
CVE-2026-20974 MEDIUM This Month

Android versions up to 13.0 contains a vulnerability that allows attackers to bypass Carrier Relock (CVSS 4.6).

Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20973 MEDIUM This Month

libimagecodec.quram.so in Android devices prior to the January 2026 Security Maintenance Release 1 contains an out-of-bounds read vulnerability that allows remote attackers to access sensitive memory without authentication. The vulnerability has a network attack vector with low complexity, enabling potential information disclosure through specially crafted input. No patch is currently available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20972 LOW Monitor

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. [CVSS 3.3 LOW]

Android
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20971 HIGH POC This Week

Arbitrary code execution in the Android PROCA driver before the January 2026 security update results from a use-after-free vulnerability accessible to local attackers with basic privileges. An attacker with local access can exploit this memory safety flaw to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity vulnerability.

Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20970 HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to execute the privileged APIs (CVSS 7.8).

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20969 MEDIUM This Month

Android versions up to 13.0 contains a vulnerability that allows attackers to access file with system privilege (CVSS 5.5).

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20968 MEDIUM This Month

Arbitrary code execution in Android's DualDAR component prior to the January 2026 security patch stems from a use-after-free memory vulnerability that can be exploited by local attackers with elevated privileges. An attacker with high-level device access could leverage this flaw to execute arbitrary code with system-level permissions. No patch is currently available, leaving affected devices vulnerable until the SMR January 2026 Release 1 update is deployed.

Use After Free Android
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-62224 MEDIUM This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. [CVSS 5.5 MEDIUM]

Microsoft Android Edge
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20807 MEDIUM This Month

In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Integer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20806 MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20805 MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20804 MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20803 MEDIUM This Month

In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Integer Overflow Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20802 MEDIUM This Month

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20800 HIGH This Week

In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20799 HIGH This Week

In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20798 HIGH This Week

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20797 HIGH This Week

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20796 HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 7.8).

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20795 HIGH This Week

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20787 MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20785 MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20784 MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20783 MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20782 MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20780 HIGH This Week

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20779 HIGH This Week

In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.0 HIGH]

Use After Free Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH This Week

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Android MmsProvider has a vulnerability allowing arbitrary file deletion through improper handling of MMS data, potentially causing data loss on mobile devices.

Denial Of Service Path Traversal Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 6.2 MEDIUM]

Denial Of Service Android Google
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 6.2 MEDIUM]

Denial Of Service Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Android versions up to 14.0 is affected by cleartext transmission of sensitive information (CVSS 6.5).

Information Disclosure Android Google
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to local denial of service if a malicious actor has already obtained the System pri (CVSS 4.4).

Denial Of Service Race Condition Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Android's display subsystem crashes due to a use-after-free memory error that allows a privileged local attacker to trigger a denial of service without user interaction. Exploitation requires pre-existing system-level access, limiting impact to scenarios where an attacker has already compromised the device at the highest privilege level. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's MAE component contains an out-of-bounds write vulnerability due to insufficient bounds checking that enables local privilege escalation for attackers with existing system-level access. This memory corruption flaw requires no user interaction and could allow a privileged malicious actor to achieve arbitrary code execution, though exploitation is currently not publicly documented. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Android's imgsys component is vulnerable to a use-after-free condition that enables local denial of service attacks. Exploitation requires system-level privileges and causes immediate system crashes without user interaction. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Android +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Android MAE component is vulnerable to a use-after-free condition that can trigger a system crash, resulting in denial of service for devices where an attacker has already obtained system-level privileges. No user interaction is required for exploitation. Currently, no patch is available for this vulnerability.

Use After Free Denial Of Service Android +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Device unique identifiers in the preloader of Openwrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.

Information Disclosure Openwrt Android +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Android's display component fails to validate buffer boundaries during read operations, allowing a system-privileged attacker to access sensitive memory contents without user interaction. This out-of-bounds read vulnerability enables local information disclosure to any malicious process running with System privileges. No patch is currently available to address this issue.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper bounds checking in Android's display subsystem enables local privilege escalation for attackers with system-level access, potentially allowing them to execute arbitrary code with elevated privileges. The vulnerability stems from an out-of-bounds write condition that requires no user interaction to exploit. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's display subsystem contains a buffer overflow vulnerability stemming from insufficient bounds validation, allowing attackers with system-level privileges to escalate their access further without user interaction. This local privilege escalation affects Android devices and requires an attacker to already possess system privileges, limiting the immediate threat scope. While no patch is currently available, the vulnerability poses a significant risk in multi-user or containerized Android environments where system compromise could lead to complete device control.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's display component contains an out-of-bounds write vulnerability due to insufficient bounds checking that could allow a system-privileged attacker to escalate privileges without user interaction. The vulnerability affects devices where an adversary has already obtained system-level access, enabling potential memory corruption and further privilege elevation. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's display module contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling local privilege escalation for attackers who already possess System-level access. The vulnerability requires no user interaction and could allow complete system compromise through memory corruption. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Android's display component contains an out-of-bounds read vulnerability stemming from insufficient bounds validation, allowing system-privileged attackers to disclose sensitive memory contents without user interaction. The vulnerability requires pre-existing system-level access but poses a high confidentiality risk through local information disclosure. No patch is currently available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Local privilege escalation in Android's PCIe driver allows system-level attackers to execute arbitrary code through an out-of-bounds write caused by insufficient bounds validation. Exploitation requires pre-existing system privileges but no user interaction, enabling a compromised system component to gain complete device control. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Remote control vulnerability in Unitree Go2 robot dog firmware 1.1.7-1.1.11. The companion Android app allows remote attackers to take control of the robot. PoC available.

Android Python RCE +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Fleet's Android MDM Pub/Sub endpoint fails to authenticate requests prior to version 4.80.1, allowing unauthenticated attackers to remotely trigger device unenrollment and remove Android devices from management. The vulnerability has limited impact, affecting only device management continuity without providing access to Fleet itself or device data. Organizations running vulnerable versions should upgrade immediately or disable Android MDM until patching is possible.

Android Fleet Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OpenClaw's mDNS/Bonjour discovery beacons transmit unauthenticated TXT records that iOS, macOS, and Android clients treat as authoritative for routing and TLS certificate pinning, allowing an attacker on a shared LAN to advertise a rogue service and redirect connections to attacker-controlled endpoints. An attacker can exploit this to bypass TLS pinning validation and potentially capture Gateway credentials through man-in-the-middle attacks. The vulnerability affects OpenClaw versions prior to 2026.2.14 and requires network proximity but no user interaction.

macOS Android iOS +4
NVD GitHub
EPSS 0%
Monitor

In the Linux kernel, the following vulnerability has been resolved: rust_binder: correctly handle FDA objects of length zero Fix a bug where an empty FDA (fd array) object with 0 fds would cause an out-of-bounds error.

Linux Android Linux Kernel
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's ARM64 hibernation resume function fails to disable Control Flow Integrity (CFI) checking, causing a data abort exception when resuming from hibernation on affected systems. A local attacker with hibernation access could trigger a denial of service by invoking the resume function without proper CFI validation. This affects Linux kernel deployments on ARM64 architecture, though no patch is currently available.

Linux Information Disclosure Google +4
NVD VulDB
EPSS 0%
This Week

HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

Android XSS
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Edge Chromium is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).

Microsoft Android Edge Chromium
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Missing bounds check in Android VPU (Video Processing Unit) driver's vpu_mmap allows arbitrary address memory mapping, potentially leading to local privilege escalation on Android devices.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to launch arbitrary activity with Samsung Dialer privilege (CVSS 7.8).

Samsung Android
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Android ShortcutService path traversal vulnerability prior to the February 2026 SMR Release 1 enables privileged local attackers to create files with system-level privileges. The vulnerability requires high-level authentication and does not affect confidentiality significantly, but could allow attackers to modify system files or degrade availability. No patch is currently available.

Path Traversal Android
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Arbitrary command execution with system privileges in Android's FacAtFunction component allows a privileged physical attacker to bypass input validation controls prior to the February 2026 Security Maintenance Release 1. An adversary with physical access and elevated privileges can exploit this vulnerability to execute arbitrary commands at the system level. No patch is currently available.

RCE Android
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to execute arbitrary commands (CVSS 6.8).

RCE Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to launch arbitrary activity with Settings privilege (CVSS 7.8).

Information Disclosure Android
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Android versions up to 13.0 contains a vulnerability that allows attackers to bypass the persistence configuration of the application (CVSS 6.1).

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to interrupt its functioning (CVSS 5.5).

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Local privilege escalation in Android's PCIe driver stems from an out-of-bounds write vulnerability caused by insufficient bounds validation, allowing attackers with system-level privileges to escalate their access without user interaction. This medium-severity vulnerability (CVSS 5.3) affects Android devices and currently has no available patch. The CWE-787 vulnerability requires an attacker to already possess system privileges, limiting the immediate exploitation scope.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local denial of service if a malicious actor has already obtained the System pri (CVSS 5.5).

Memory Corruption Denial Of Service Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's imgsys component contains a use-after-free vulnerability that allows privilege escalation when exploited by an attacker who already has system-level access. The flaw requires no user interaction and could enable a malicious actor to escalate their privileges further within the device. Currently, no patch is available to address this vulnerability.

Use After Free Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Android cameraisp component contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling privilege escalation for attackers who have already gained system-level access. No user interaction is required for exploitation, and the vulnerability affects confidentiality, integrity, and availability of the device. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free vulnerability in Android's cameraisp component allows privilege escalation to local denial of service for attackers with system-level access, requiring no user interaction. The flaw enables malicious actors to manipulate memory safety boundaries and execute arbitrary actions within the camera service context. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in Android's imgsys component allows system-level processes to achieve full system compromise through an out-of-bounds write caused by insufficient bounds validation. An attacker with existing system privileges can exploit this flaw without user interaction to gain complete control over the affected device. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds write vulnerability in Android's imgsys component allows a local attacker with system-level privileges to escalate permissions and gain complete control over the device due to insufficient bounds checking. The vulnerability requires no user interaction and cannot be patched in current versions. This affects Android devices where an attacker has already obtained elevated system access.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

MobSF versions prior to 4.4.5 are vulnerable to stored XSS through unsanitized rendering of Android manifest attributes in HTML reports, allowing attackers to inject malicious JavaScript by uploading crafted APK files. Public exploit code exists for this vulnerability, and successful exploitation enables session hijacking and account takeover of security analysts using the framework. Upgrade to version 4.4.5 or later to remediate.

Android XSS Mobile Security Framework
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Chrome for Android prior to 144.0.7559.59 has a security UI spoofing vulnerability that allows remote attackers to display misleading security indicators.

Google Android Chrome +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Chrome versions up to 144.0.7559.59 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).

Google Android Chrome +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

Android versions up to - contains a vulnerability that allows attackers to remote (proximal/adjacent) information disclosure of user's conversations and lo (CVSS 7.1).

Information Disclosure Android Google
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Incomplete validation of passkey requests in AliasVault Android versions 0.24.0-0.25.2 allows a locally installed malicious application to obtain passkey responses for unauthorized websites by bypassing checks on calling app identity, origin, and RP ID. An attacker with local access could leverage this to gain unauthorized access to user accounts on targeted services. The vulnerability has been patched in version 0.25.3.

Android Aliasvault
NVD GitHub
EPSS 0%
Monitor

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a `loyaltyGuestId` parameter. Server does not verify the permissions required to obtain the data.

Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Android versions up to 13.0 contains a vulnerability that allows attackers to bypass Carrier Relock (CVSS 4.6).

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

libimagecodec.quram.so in Android devices prior to the January 2026 Security Maintenance Release 1 contains an out-of-bounds read vulnerability that allows remote attackers to access sensitive memory without authentication. The vulnerability has a network attack vector with low complexity, enabling potential information disclosure through specially crafted input. No patch is currently available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. [CVSS 3.3 LOW]

Android
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Arbitrary code execution in the Android PROCA driver before the January 2026 security update results from a use-after-free vulnerability accessible to local attackers with basic privileges. An attacker with local access can exploit this memory safety flaw to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity vulnerability.

Use After Free Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to execute the privileged APIs (CVSS 7.8).

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Android versions up to 13.0 contains a vulnerability that allows attackers to access file with system privilege (CVSS 5.5).

Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Arbitrary code execution in Android's DualDAR component prior to the January 2026 security patch stems from a use-after-free memory vulnerability that can be exploited by local attackers with elevated privileges. An attacker with high-level device access could leverage this flaw to execute arbitrary code with system-level permissions. No patch is currently available, leaving affected devices vulnerable until the SMR January 2026 Release 1 update is deployed.

Use After Free Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. [CVSS 5.5 MEDIUM]

Microsoft Android Edge
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Integer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Integer Overflow Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 7.8).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.0 HIGH]

Use After Free Privilege Escalation Race Condition +2
NVD
Prev Page 2 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy