Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.0 HIGH
CVE-2025-48641 — "Samsung Nfc Use After Free Privilege Escalation"

In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User inter…

android | Race Condition
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.4 HIGH
CVE-2025-48636 — Apache Bugreport Content Provider Path Traversal Vulnerability

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no addi…

android | Path Traversal
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
0.0 NA
CVE-2025-48635 — Android TaskFragmentOrganizerController Local Privilege Escalation

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no addit…

android | Information Disclosure
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48634 — Android WindowManagerService Tapjack Vulnerability

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution pri…

android | Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.4 HIGH
CVE-2025-48630 — Skia GPU Cache Side-Channel Disclosure

In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no add…

android | Information Disclosure
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.4 HIGH
CVE-2025-48619 — Apache ContentProvider File Truncation Vulnerability

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of priv…

android | Denial of Service
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
7.8 HIGH
CVE-2025-48613 — VBMeta Signer Key Forgery Vulnerability

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege …

android | Authentication
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
9.1 CRITICAL
CVE-2025-48609 — Android MmsProvider Path Traversal Vulnerability

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to l…

android | Remote | Path Traversal
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.4 HIGH
CVE-2025-48605 — Android Keyguard Lockscreen Bypass Vulnerability

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional executi…

android | Authentication
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.4 HIGH
CVE-2025-48602 — Android Keyguard Remote Lockscreen Bypass Local Privilege Escalation

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privi…

android | Authorization
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
6.2 MEDIUM
CVE-2025-48587 — Apache ProfilingService Denial of Service Vulnerability

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execut…

android | Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
6.2 MEDIUM
CVE-2025-48585 — Apache ProfilingService Denial of Service Vulnerability

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execut…

android | Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.4 HIGH
CVE-2025-48582 — Google Android Intent Redirection Media Deletion Vulnerability

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no addit…

android | Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.4 HIGH
CVE-2025-48579 — "MediaProvider Java External Storage Write Permission Bypass"

In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional…

android | Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-48578 — Apache MediaProvider Permission Bypass vulnerability

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privileg…

android | Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.4 HIGH
CVE-2025-48577 — Android Keyguard Lockscreen Bypass Vulnerability

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privil…

android | Race Condition
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.4 HIGH
CVE-2025-48574 — Google Chrome Drag-and-Drop Privilege Escalation

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privile…

android | Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.4 HIGH
CVE-2025-48568 — Samsung Galaxy Lockscreen Bypass Vulnerability

In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

android | Race Condition
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-48567 — Apache HTTP Server Unicode Normalization Privilege Escalation Vulnerability

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalatio…

android | Path Traversal
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.4 HIGH
CVE-2025-32313 — Apache Software Java Out-of-Bounds Write Vulnerability

In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges …

android | Memory Corruption
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
Showing 20 of 4875 Results