| 1 | 7.8 | HIGH | Local | google | android | In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional … | New | CWE-693: Protection Mechanism Failure | CVE-2025-48652 | 2026-06-3 03:59 | 2026-06-2 |
| 2 | 5.5 | MEDIUM | Local | google | android | In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges need… | New | CWE-400: Uncontrolled Resource Consumption | CVE-2025-48648 | 2026-06-3 03:59 | 2026-06-2 |
| 3 | 3.3 | LOW | Local | google | android | In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclos… | New | NVD-CWE-noinfo | CVE-2025-48616 | 2026-06-3 03:58 | 2026-06-2 |
| 4 | 7.8 | HIGH | Local | google | android | In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no ad… | New | CWE-441: Confused Deputy | CVE-2025-48570 | 2026-06-3 03:58 | 2026-06-2 |
| 5 | 5.9 | MEDIUM | Local | google | android | In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This c… | New | CWE-862: Missing Authorization | CVE-2025-26418 | 2026-06-3 03:58 | 2026-06-2 |
| 6 | 5.9 | MEDIUM | Local | google | android | In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional exe… | New | CWE-284: Improper Access Control | CVE-2025-22426 | 2026-06-3 03:57 | 2026-06-2 |
| 7 | 7.8 | HIGH | Local | google | android | In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges… | New | NVD-CWE-noinfo | CVE-2025-22424 | 2026-06-3 03:57 | 2026-06-2 |
| 8 | 7.8 | HIGH | Local | google | android | In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges neede… | New | NVD-CWE-noinfo | CVE-2025-32348 | 2026-06-3 03:50 | 2026-06-2 |
| 9 | 6.5 | MEDIUM | Network | apache | airflow | A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg… | New | CWE-59: Link Following | CVE-2026-40861 | 2026-06-3 03:49 | 2026-06-1 |
| 10 | 7.2 | HIGH | Network | apache | airflow | A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-… | New | CWE-601: Open Redirect | CVE-2026-40961 | 2026-06-3 03:49 | 2026-06-1 |