Export limit exceeded: 11905 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11905 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22433 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22434 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22437 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-9866 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-36898 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36905 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26444 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26443 | 1 Google | 1 Android | 2026-02-26 | 7.3 High |
| In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-0089 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26464 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-32331 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48522 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48531 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48546 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26431 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26439 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-39698 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 8.8 High |
| In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at that point. Those two should always go together, as the flag tells io_uring whether the field is valid or not. Additionally, on failure cleanup, the futex handler frees the data but does not clear ->async_data. Clear the data and the flag in the error path as well. Thanks to Trend Micro Zero Day Initiative and particularly ReDress for reporting this. | ||||
| CVE-2025-54988 | 1 Apache | 1 Tika | 2026-02-26 | 8.4 High |
| Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue. | ||||
| CVE-2025-43728 | 1 Dell | 33 Latitude 3330, Latitude 3420, Latitude 3440 and 30 more | 2026-02-26 | 9.6 Critical |
| Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | ||||
| CVE-2025-58325 | 1 Fortinet | 1 Fortios | 2026-02-26 | 7.8 High |
| An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands. | ||||