Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.
Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.
Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.
Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.
Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.
Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
CVE-2025-20949
CRITICAL CVSS 9.1
Find Similar
Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.
Page 1+ Next →