Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-0072 | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 10.0 | 0.03% | 2026-06-01 | 2026-06-03 |
| CVE-2025-48611 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 10.0 | 0.03% | 2026-03-10 | 2026-03-30 |
| CVE-2026-0006 | In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 0.04% | 2026-03-02 | 2026-03-06 |
| CVE-2025-48609 | In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.1 | 0.01% | 2026-03-02 | 2026-03-06 |
| CVE-2025-48626 | In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 0.35% | 2025-12-08 | 2025-12-08 |
| CVE-2025-26416 | In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 3.30% | 2025-09-02 | 2025-09-04 |
| CVE-2025-22435 | In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 0.27% | 2025-09-02 | 2025-09-04 |
| CVE-2025-22429 | In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 0.27% | 2025-09-02 | 2025-09-04 |
| CVE-2025-22408 | In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 1.98% | 2025-08-26 | 2025-09-02 |
| CVE-2025-22403 | In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 2.26% | 2025-08-26 | 2025-09-02 |
| CVE-2025-0075 | In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 1.78% | 2025-08-26 | 2025-09-02 |
| CVE-2025-0074 | In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 1.78% | 2025-08-26 | 2025-09-02 |
| CVE-2024-49748 | In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 5.60% | 2025-01-21 | 2025-04-22 |
| CVE-2024-49747 | In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 5.17% | 2025-01-21 | 2025-04-22 |
| CVE-2017-13322 | In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 10.0 | 0.10% | 2025-01-17 | 2025-03-13 |
| CVE-2018-9388 | In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege. | 9.8 | 0.15% | 2024-12-05 | 2024-12-19 |
| CVE-2018-9416 | In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 10.0 | 0.04% | 2024-12-05 | 2024-12-18 |
| CVE-2018-9430 | In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 5.06% | 2024-12-02 | 2024-12-18 |
| CVE-2018-9418 | In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 0.20% | 2024-12-02 | 2024-12-18 |
| CVE-2018-9479 | In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 9.8 | 5.91% | 2024-11-20 | 2024-12-18 |