聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-22077 | OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure. | 5.6 | 0.08% | 2026-04-27 | 2026-06-17 |
| CVE-2026-22078 | Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel. | 7.3 | 0.09% | 2026-06-29 | 2026-06-29 |
| CVE-2026-22069 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 无 | 0.11% | 2026-05-19 | 2026-06-29 |
| CVE-2021-23243 | In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. | 7.8 | 0.11% | 2021-09-27 | 2026-06-16 |
| CVE-2025-27389 | A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning. | 5.1 | 0.11% | 2025-12-04 | 2026-06-17 |
| CVE-2020-11836 | OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no. | 5.5 | 0.15% | 2021-02-05 | 2026-06-16 |
| CVE-2026-22070 | ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. | 7.1 | 0.21% | 2026-04-30 | 2026-06-17 |
| CVE-2025-27387 | OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. | 7.4 | 0.24% | 2025-06-23 | 2026-06-17 |
| CVE-2020-11835 | In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. | 5.5 | 0.32% | 2020-12-31 | 2026-06-16 |
| CVE-2020-11834 | In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability. | 5.5 | 0.32% | 2020-12-31 | 2026-06-16 |
| CVE-2020-11833 | In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability. | 5.5 | 0.32% | 2020-12-31 | 2026-06-16 |
| CVE-2020-11832 | In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability. | 5.5 | 0.32% | 2020-12-31 | 2026-06-16 |
| CVE-2025-27388 | Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. | 8.3 | 0.36% | 2025-08-14 | 2026-06-17 |
| CVE-2024-1609 | In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation. | 8.7 | 0.46% | 2024-12-24 | 2026-06-17 |
| CVE-2024-1608 | In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. | 9.1 | 0.46% | 2024-02-20 | 2026-06-17 |
| CVE-2021-23244 | ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission. | 7.8 | 0.63% | 2021-12-27 | 2026-06-16 |
| CVE-2023-26311 | A remote code execution vulnerability in the webview component of OPPO Store app. | 7.4 | 0.64% | 2023-08-10 | 2026-06-17 |
| CVE-2023-26309 | A remote code execution vulnerability in the webview component of OnePlus Store app. | 7.4 | 0.64% | 2023-08-10 | 2026-06-17 |
| CVE-2024-1610 | In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. | 8.7 | 0.66% | 2024-12-18 | 2026-06-17 |
| CVE-2021-23246 | In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. | 7.5 | 0.93% | 2022-03-11 | 2026-06-16 |