NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2021-23247 | A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine | 9.8 | 2.42% | 2022-04-01 | 2024-11-21 |
| CVE-2020-11831 | OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. | 9.8 | 0.36% | 2020-11-19 | 2024-11-21 |
| CVE-2020-11830 | QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. | 9.8 | 0.44% | 2020-11-19 | 2024-11-21 |
| CVE-2020-11829 | Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. | 9.8 | 0.50% | 2020-11-19 | 2024-11-21 |
| CVE-2024-1608 | In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. | 9.1 | 0.24% | 2024-02-20 | 2025-04-02 |
| CVE-2024-1610 | In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. | 8.7 | 0.80% | 2024-12-18 | 2026-04-15 |
| CVE-2024-1609 | In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation. | 8.7 | 0.12% | 2024-12-25 | 2026-04-15 |
| CVE-2025-27388 | Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. | 8.3 | 0.73% | 2025-08-14 | 2026-04-15 |
| CVE-2021-23244 | ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission. | 7.8 | 0.16% | 2021-12-27 | 2024-11-21 |
| CVE-2021-23243 | In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. | 7.8 | 0.04% | 2021-09-27 | 2024-11-21 |
| CVE-2021-23246 | In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. | 7.5 | 0.32% | 2022-03-11 | 2024-11-21 |
| CVE-2020-11828 | In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR. | 7.5 | 0.32% | 2020-04-21 | 2024-11-21 |
| CVE-2025-27387 | OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. | 7.4 | 0.14% | 2025-06-23 | 2026-04-15 |
| CVE-2023-26311 | A remote code execution vulnerability in the webview component of OPPO Store app. | 7.4 | 1.42% | 2023-08-10 | 2024-11-21 |
| CVE-2023-26310 | There is a command injection problem in the old version of the mobile phone backup app. | 7.4 | 0.36% | 2023-08-09 | 2024-11-21 |
| CVE-2023-26309 | A remote code execution vulnerability in the webview component of OnePlus Store app. | 7.4 | 1.42% | 2023-08-10 | 2024-11-21 |
| CVE-2026-22069 | A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. | 7.3 | 0.01% | 2026-05-19 | 2026-05-19 |
| CVE-2026-22070 | ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. | 7.1 | 0.01% | 2026-04-30 | 2026-05-05 |
| CVE-2026-22077 | OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure. | 5.6 | 0.01% | 2026-04-27 | 2026-05-19 |
| CVE-2020-11836 | OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no. | 5.5 | 0.04% | 2021-02-06 | 2024-11-21 |