Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
Showing 10,721 - 10,740 of 14,108 CVEs
CVE-2025-48635 HIGH - 7.7

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48634 HIGH - 7.3

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48630 HIGH - 7.4

In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48619 HIGH - 8.4

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48613 HIGH - 7.8

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48605 HIGH - 8.4

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48602 HIGH - 8.4

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48582 HIGH - 8.4

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48579 HIGH - 8.4

In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48578 HIGH - 7.8

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48577 HIGH - 7.4

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48574 HIGH - 8.4

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48568 HIGH - 7.4

In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-48567 HIGH - 7.8

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploit...

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2025-32313 HIGH - 8.4

In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2024-31328 HIGH - 8.8

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

Vendor: Google
Product: Android
Published: Mar 02, 2026
Source: NVD
CVE-2026-28342 HIGH - 7.5

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By issuing multiple parallel requests, an attacker c...

Vendor: go
Product: github.com/OliveTin/OliveTin
Published: Mar 02, 2026
Source: GitHub
CVE-2026-27932 HIGH - 7.5

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library ...

Vendor: pip
Product: joserfc
Published: Mar 02, 2026
Source: GitHub
CVE-2026-27622 HIGH - 7.8

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts acros...

Vendor: pip
Product: OpenEXR
Published: Mar 02, 2026
Source: GitHub
CVE-2026-3180 HIGH - 7.5

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cgl_mail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied par...

Published: Mar 02, 2026
Source: NVD