Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32320 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32317 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26454 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32321 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32324 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32326 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-32346 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48560 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22441 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.3 HIGH |
| In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-26452 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48532 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.3 HIGH |
| In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-48529 | 1 Google | 1 Android | 2025-09-05 | N/A | 5.5 MEDIUM |
| In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48545 | 1 Google | 1 Android | 2025-09-05 | N/A | 5.5 MEDIUM |
| In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48551 | 1 Google | 1 Android | 2025-09-05 | N/A | 5.0 MEDIUM |
| In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-22416 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22418 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-3924 | 1 Mikrotik | 1 Routeros | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities. | |||||
| CVE-2024-9870 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 4.3 MEDIUM |
| An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services. | |||||
| CVE-2019-1841 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected. | |||||
| CVE-2025-48710 | 2025-06-04 | N/A | 4.1 MEDIUM | ||
| kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes. | |||||