CVE Database

111521+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-48627
7.8 HIGH

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This …

Dec 8, 2025
CVE-2025-48626
9.8 CRITICAL

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to …

Dec 8, 2025
CVE-2025-48624
7.8 HIGH

In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with …

Dec 8, 2025
CVE-2025-48623
7.8 HIGH

In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege …

Dec 8, 2025
CVE-2025-48622
5.5 MEDIUM

In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with …

Dec 8, 2025
CVE-2025-48621
7.3 HIGH

In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege …

Dec 8, 2025
CVE-2025-48620
7.8 HIGH

In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to persist even after uninstalling due to a logic …

Dec 8, 2025
CVE-2025-48618
6.8 MEDIUM

In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege …

Dec 8, 2025
CVE-2025-48615
7.8 HIGH

In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no …

Dec 8, 2025
CVE-2025-48614
4.6 MEDIUM

In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This …

Dec 8, 2025
CVE-2025-48612
7.8 HIGH

In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due …

Dec 8, 2025
CVE-2025-48610
5.5 MEDIUM

In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information …

Dec 8, 2025
CVE-2025-48607
5.5 MEDIUM

In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This …

Dec 8, 2025
CVE-2025-48604
5.5 MEDIUM

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local …

Dec 8, 2025
CVE-2025-48603
5.5 MEDIUM

In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with …

Dec 8, 2025
CVE-2025-48601
5.5 MEDIUM

In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local escalation of privilege with …

Dec 8, 2025
CVE-2025-48600
5.5 MEDIUM

In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information …

Dec 8, 2025
CVE-2025-48599
7.8 HIGH

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead …

Dec 8, 2025
CVE-2025-48598
6.6 MEDIUM

In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to …

Dec 8, 2025
CVE-2025-48597
7.8 HIGH

In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to …

Dec 8, 2025
CVE-2025-48596
7.8 HIGH

In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of …

Dec 8, 2025
CVE-2025-48594
7.3 HIGH

In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to …

Dec 8, 2025
CVE-2025-48592
7.5 HIGH

In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure …

Dec 8, 2025
CVE-2025-48591
5.5 MEDIUM

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local …

Dec 8, 2025
CVE-2025-48590
5.5 MEDIUM

In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. …

Dec 8, 2025
CVE-2025-48589
7.8 HIGH

In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grand permissions across user due to a logic error in the code. This could …

Dec 8, 2025
CVE-2025-48588
7.8 HIGH

In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to …

Dec 8, 2025
CVE-2025-48586
7.8 HIGH

In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to …

Dec 8, 2025
CVE-2025-48584
5.5 MEDIUM

In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial …

Dec 8, 2025
CVE-2025-48583
7.8 HIGH

In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead …

Dec 8, 2025
CVE-2025-48580
7.8 HIGH

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic …

Dec 8, 2025
CVE-2025-48576
5.5 MEDIUM

In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with …

Dec 8, 2025
CVE-2025-48575
7.8 HIGH

In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of …

Dec 8, 2025
CVE-2025-48573
7.8 HIGH

In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use …

Dec 8, 2025
CVE-2025-48572
7.8 HIGH KEV

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation …

Dec 8, 2025
CVE-2025-48566
7.8 HIGH

In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to …

Dec 8, 2025
CVE-2025-48565
7.8 HIGH

In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could …

Dec 8, 2025
CVE-2025-48564
7.0 HIGH

In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no …

Dec 8, 2025
CVE-2025-48555
7.8 HIGH

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege …

Dec 8, 2025
CVE-2025-48536
7.8 HIGH

In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could …

Dec 8, 2025
CVE-2025-48525
7.8 HIGH

In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to …

Dec 8, 2025
CVE-2025-32329
7.8 HIGH

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic …

Dec 8, 2025
CVE-2025-32328
7.8 HIGH

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic …

Dec 8, 2025
CVE-2025-32319
6.7 MEDIUM

In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead …

Dec 8, 2025
CVE-2025-22432
6.7 MEDIUM

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background …

Dec 8, 2025
CVE-2025-22420
7.8 HIGH

In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local …

Dec 8, 2025
CVE-2025-14257
7.3 HIGH

A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newrecord.php. Executing manipulation of the argument …

Dec 8, 2025
CVE-2025-14256
7.3 HIGH

A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID …

Dec 8, 2025
CVE-2025-65798
5.4 MEDIUM

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.

Dec 8, 2025
CVE-2025-65796
4.3 MEDIUM

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

Dec 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.