Search Results (9292 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-10717 2 Google, Intsig 2 Android, Camscanner App 2026-04-15 5.3 Medium
A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.camscanner. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-21030 2 Google, Samsung 3 Android, Mobile, Samsung Mobile 2026-04-15 4.3 Medium
Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.
CVE-2025-41408 2 Google, Ly Corporation 2 Android, Yahoo! Shopping App 2026-04-15 N/A
Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attack.
CVE-2025-14809 2 Google, The Browser Company 2 Android, Arc 2026-04-15 7.4 High
ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.
CVE-2025-48651 1 Google 1 Android 2026-04-14 4 Medium
In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0049 1 Google 1 Android 2026-04-13 6.2 Medium
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-45780 1 Google 1 Android 2026-04-08 7.3 High
In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-48611 1 Google 1 Android 2026-03-30 10 Critical
In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-20807 2 Google, Mediatek 4 Android, Mt6899, Mt6991 and 1 more 2026-03-30 6.7 Medium
In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451.
CVE-2025-20806 2 Google, Mediatek 4 Android, Mt6899, Mt6991 and 1 more 2026-03-30 6.7 Medium
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479.
CVE-2025-20805 2 Google, Mediatek 4 Android, Mt6899, Mt6991 and 1 more 2026-03-30 6.7 Medium
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480.
CVE-2025-20804 2 Google, Mediatek 3 Android, Mt6899, Mt6991 2026-03-30 6.7 Medium
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503.
CVE-2025-20803 2 Google, Mediatek 4 Android, Mt6899, Mt6991 and 1 more 2026-03-30 6.7 Medium
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504.
CVE-2025-20787 2 Google, Mediatek 31 Android, Mt2718, Mt6739 and 28 more 2026-03-30 6.7 Medium
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658.
CVE-2025-20786 2 Google, Mediatek 46 Android, Mt6739, Mt6761 and 43 more 2026-03-30 6.7 Medium
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
CVE-2025-20785 2 Google, Mediatek 46 Android, Mt6739, Mt6761 and 43 more 2026-03-30 6.7 Medium
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.
CVE-2025-20784 3 Google, Mediatek, Mediatk 73 Android, Mt6739, Mt6761 and 70 more 2026-03-30 6.7 Medium
In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683.
CVE-2025-20783 2 Google, Mediatek 46 Android, Mt6739, Mt6761 and 43 more 2026-03-30 6.7 Medium
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684.
CVE-2025-20782 2 Google, Mediatek 46 Android, Mt6739, Mt6761 and 43 more 2026-03-30 6.7 Medium
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685.
CVE-2025-20781 2 Google, Mediatek 46 Android, Mt6739, Mt6761 and 43 more 2026-03-30 7.8 High
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.