Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-0072 | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 10.0 | 0.03% | 2026-06-01 | 2026-06-03 |
| CVE-2025-48611 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 10.0 | 0.03% | 2026-03-10 | 2026-03-30 |
| CVE-2018-9416 | In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 10.0 | 0.04% | 2024-12-05 | 2024-12-18 |
| CVE-2017-13322 | In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 10.0 | 0.10% | 2025-01-17 | 2025-03-13 |
| CVE-2015-8073 | mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072. | 10.0 | 2.67% | 2015-11-03 | 2026-05-06 |
| CVE-2015-8072 | mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073. | 10.0 | 2.67% | 2015-11-03 | 2026-05-06 |
| CVE-2015-6610 | libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088. | 10.0 | 0.21% | 2015-11-03 | 2026-05-06 |
| CVE-2015-6609 | libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. | 10.0 | 5.33% | 2015-11-03 | 2026-05-06 |
| CVE-2015-6608 | mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. | 10.0 | 2.67% | 2015-11-03 | 2026-05-06 |
| CVE-2015-6604 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. | 10.0 | 4.94% | 2015-10-06 | 2026-05-06 |
| CVE-2015-6603 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. | 10.0 | 3.76% | 2015-10-06 | 2026-05-06 |
| CVE-2015-6601 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-6600 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-6599 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-6598 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. | 10.0 | 2.55% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3877 | Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3875 | libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. | 10.0 | 2.84% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3874 | The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3873 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716. | 10.0 | 1.40% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3872 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |