聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-0016 | In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | 0.00% | 2026-06-01 | 2026-06-02 |
| CVE-2025-48587 | In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 6.2 | 0.00% | 2026-03-02 | 2026-03-06 |
| CVE-2025-48585 | In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 6.2 | 0.00% | 2026-03-02 | 2026-03-06 |
| CVE-2025-48579 | In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 8.4 | 0.00% | 2026-03-02 | 2026-03-06 |
| CVE-2025-48577 | In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.4 | 0.00% | 2026-03-02 | 2026-03-06 |
| CVE-2025-48574 | In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 8.4 | 0.00% | 2026-03-02 | 2026-03-06 |
| CVE-2025-48568 | In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.4 | 0.00% | 2026-03-02 | 2026-03-06 |
| CVE-2026-0094 | In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.00% | 2026-06-01 | 2026-06-03 |
| CVE-2026-0018 | In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | 0.00% | 2026-06-01 | 2026-06-02 |
| CVE-2025-48582 | In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 8.4 | 0.00% | 2026-03-02 | 2026-03-06 |
| CVE-2025-48575 | In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.00% | 2025-12-08 | 2025-12-10 |
| CVE-2026-28586 | In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | 0.00% | 2026-06-01 | 2026-06-03 |
| CVE-2026-0056 | In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | 0.00% | 2026-06-01 | 2026-06-03 |
| CVE-2026-0050 | In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | 0.00% | 2026-06-01 | 2026-06-02 |
| CVE-2025-48621 | In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 7.3 | 0.00% | 2025-12-08 | 2025-12-08 |
| CVE-2025-48616 | In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | 0.00% | 2026-06-01 | 2026-06-02 |
| CVE-2025-48608 | In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | 0.00% | 2025-12-08 | 2025-12-08 |
| CVE-2025-48604 | In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | 0.00% | 2025-12-08 | 2025-12-08 |
| CVE-2025-48600 | In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | 0.00% | 2025-12-08 | 2026-06-01 |
| CVE-2025-48560 | In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | 0.00% | 2025-09-04 | 2025-09-08 |