Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
Showing 10,701 - 10,720 of 14,108 CVEs
CVE-2026-0030 HIGH - 8.4

In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0028 HIGH - 8.4

In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0026 HIGH - 7.8

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0025 HIGH - 7.8

In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0023 HIGH - 8.4

In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0021 HIGH - 8.4

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0020 HIGH - 8.4

In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0017 HIGH - 7.7

In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0013 HIGH - 8.4

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0011 HIGH - 8.4

In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0010 HIGH - 8.4

In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0008 HIGH - 8.4

In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0007 HIGH - 8.6

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48654 HIGH - 7.8

In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48653 HIGH - 7.8

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48650 HIGH - 8.4

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48646 HIGH - 7.8

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48645 HIGH - 7.8

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48641 HIGH - 7.0

In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48636 HIGH - 8.4

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD