CVE CyberSecurity Database News (Page 37)

Sep 4, 2025 Bluetooth

CVE-2025-26438 - Remote Privilege Escalation in Bluetooth SMP Authentication Due to Protocol Flaw

The security community has recently uncovered a severe vulnerability, CVE-2025-26438, affecting the core Bluetooth stack in many Linux and Android devices. This flaw lives in

Sep 4, 2025

CVE-2025-26436 - Exploiting Background Activity Launch (BAL) Bypass in Android’s clearAllowBgActivityStarts

CVE-2025-26436 is a critical Android vulnerability that allows apps to launch activities from the background without user interaction, bypassing security checks intended to block such

Sep 4, 2025

CVE-2025-26435 - Secondary User Can Disable Primary User's App Scanning on Android – Local Privilege Escalation Explained

--- In early 2025, security researchers uncovered a significant logic flaw in Android’s settings management, tracked as CVE-2025-26435. This vulnerability allows a secondary user

Sep 4, 2025 Google

CVE-2025-26430 - How a Simple Logic Flaw in SpaAppBridgeActivity May Leak Files Across Users on Android

On June 2, 2024, a vulnerability labeled CVE-2025-26430 came to light, affecting certain Android devices through a logic mistake in the SpaAppBridgeActivity class—specifically in

Sep 4, 2025 Exploit Java Google

CVE-2025-26429 - Permanent Local DoS Vulnerability in AppOpsService.java – Analysis, Exploit, and Mitigation

In early 2025, a new Android vulnerability was discovered and cataloged as CVE-2025-26429. In this post, we'll dissect the bug found in AppOpsService.