Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CVEs (509)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-54917 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Oct 2, 2025 Sep 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-59033 - - Nov 17, 2025 Sep 8, 2025 N/A· v4 7.4 HIGH· v3 N/A· v2 The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked,...Show more The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a 'FileAttribRef' qualifier (such as file name or version) may not be blocked, whether hypervisor-protected code integrity (HVCI) is enabled or not. NOTE: The vendor disputes this CVE ID assignment and states that the driver blocklist is intended for use with HVCI.Show less
CVE-2025-26439 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local...Show more In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-26431 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no add...Show more In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-48554 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution priv...Show more In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2025-48546 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges n...Show more In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-48534 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial of service with System execution privileges needed....Show more In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-48531 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...Show more In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-48522 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution p...Show more In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-32331 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...Show more In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-26464 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privil...Show more In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-0089 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio...Show more In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-26458 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privil...Show more In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-26444 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to...Show more In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-26443 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with...Show more In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2025-36905 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User int...Show more In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-36898 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...Show more There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-9866 1Google 1Chrome Sep 4, 2025 Sep 3, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-22437 1Google 1Android Sep 4, 2025 Sep 2, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional ex...Show more In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-22434 1Google 1Android Sep 4, 2025 Sep 2, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges neede...Show more In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less

Previous 1...91011...26 Next