Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.8 HIGH
CVE-2025-48646 — Google Android Confused Deputy Local Privilege Escalation

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges neede…

| Information Disclosure
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48645 — Android DeviceAdminInfo Persistent Package Escalation

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution priv…

| Information Disclosure
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48644 — Apache HTTP Server DoS Vulnerability

In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. Us…

| Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48642 — Apache Router Deserialization Information Disclosure

In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges …

| Information Disclosure
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48641 — "Samsung Nfc Use After Free Privilege Escalation"

In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User inter…

| Race Condition
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.4 HIGH
CVE-2025-48636 — Apache Bugreport Content Provider Path Traversal Vulnerability

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no addi…

| Path Traversal
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48635 — Android TaskFragmentOrganizerController Local Privilege Escalation

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no addit…

| Information Disclosure
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48634 — Android WindowManagerService Tapjack Vulnerability

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution pri…

| Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48630 — Skia GPU Cache Side-Channel Disclosure

In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no add…

| Information Disclosure
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48619 — Apache ContentProvider File Truncation Vulnerability

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of priv…

| Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48613 — VBMeta Signer Key Forgery Vulnerability

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege …

| Authentication
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48609 — Android MmsProvider Path Traversal Vulnerability

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to l…

| Path Traversal
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48605 — Android Keyguard Lockscreen Bypass Vulnerability

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional executi…

| Authentication
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2025-48602 — Android Keyguard Remote Lockscreen Bypass Local Privilege Escalation

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privi…

| Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
6.2 MEDIUM
CVE-2025-48587 — Apache ProfilingService Denial of Service Vulnerability

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execut…

| Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
6.2 MEDIUM
CVE-2025-48585 — Apache ProfilingService Denial of Service Vulnerability

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execut…

| Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.4 HIGH
CVE-2025-48582 — Google Android Intent Redirection Media Deletion Vulnerability

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no addit…

| Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.4 HIGH
CVE-2025-48579 — "MediaProvider Java External Storage Write Permission Bypass"

In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional…

| Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-48578 — Apache MediaProvider Permission Bypass vulnerability

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privileg…

| Authorization
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.4 HIGH
CVE-2025-48577 — Android Keyguard Lockscreen Bypass Vulnerability

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privil…

| Race Condition
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
Showing 20 of 4870 Results