Filtered by vendor Google
Subscriptions
Total
13301 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22407 | 1 Google | 1 Android | 2025-09-02 | 5.5 Medium |
| In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22408 | 1 Google | 1 Android | 2025-09-02 | 9.8 Critical |
| In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22409 | 1 Google | 1 Android | 2025-09-02 | 8.4 High |
| In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22410 | 1 Google | 1 Android | 2025-09-02 | 8.4 High |
| In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22411 | 1 Google | 1 Android | 2025-09-02 | 8.8 High |
| In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22412 | 1 Google | 1 Android | 2025-09-02 | 8.8 High |
| In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22413 | 1 Google | 1 Android | 2025-09-02 | 4 Medium |
| In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26417 | 1 Google | 1 Android | 2025-09-02 | 4 Medium |
| In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-44017 | 3 Apple, Google, Gunosy | 3 Ios, Android, Gunosy | 2025-09-02 | N/A |
| "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token). | ||||
| CVE-2025-55619 | 2 Google, Reolink | 2 Android, Reolink | 2025-08-28 | 9.8 Critical |
| Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering. | ||||
| CVE-2025-55623 | 2 Google, Reolink | 2 Android, Reolink | 2025-08-28 | 5.4 Medium |
| An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge). | ||||
| CVE-2022-20361 | 1 Google | 1 Android | 2025-08-27 | 6.5 Medium |
| In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832 | ||||
| CVE-2024-43090 | 1 Google | 1 Android | 2025-08-26 | 5 Medium |
| In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-0032 | 1 Google | 1 Android | 2025-08-26 | 6.8 Medium |
| In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-8210 | 3 Google, Yeelight, Yeelink | 3 Android, Yeelight Classic, Yeelight App | 2025-08-26 | 5.3 Medium |
| A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4609 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-08-26 | 9.6 Critical |
| Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
| CVE-2025-9118 | 1 Google | 1 Cloud Platform | 2025-08-25 | N/A |
| A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file. | ||||
| CVE-2025-43201 | 2 Apple, Google | 4 Apple Music, Music, Music Classical and 1 more | 2025-08-21 | 6.2 Medium |
| This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials. | ||||
| CVE-2025-8364 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 4.3 Medium |
| A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 141. | ||||
| CVE-2025-9132 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-21 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||