Filtered by vendor Google
Subscriptions
Total
13301 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5981 | 1 Google | 1 Osv-scalibr | 2025-08-07 | 6.5 Medium |
| Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images. | ||||
| CVE-2025-8524 | 2 Boquan, Google | 2 Dotwalle App, Android | 2025-08-05 | 5.3 Medium |
| A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.boquanhash.dotwallet. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8523 | 2 Google, Riderlike | 2 Android, Fruit Crush-brain App | 2025-08-05 | 5.3 Medium |
| A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.fruitcrush.fun. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10382 | 1 Google | 2 Android, Androidx.car.app | 2025-08-04 | 7.5 High |
| There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on victims device to be able to attack any application that uses vulnerable library. We recommend upgrading the library past version 1.7.0-beta02. | ||||
| CVE-2025-4613 | 2 Google, Microsoft | 2 Web Designer, Windows | 2025-08-01 | 8.8 High |
| Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template | ||||
| CVE-2025-8292 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-01 | 8.8 High |
| Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-8192 | 2 Android, Google | 3 Android, Tv, Android Tv | 2025-07-31 | N/A |
| There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function. | ||||
| CVE-2024-10026 | 1 Google | 1 Gvisor | 2025-07-31 | 5.3 Medium |
| A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances. | ||||
| CVE-2025-0649 | 1 Google | 1 Tensorflow Serving | 2025-07-31 | 7.5 High |
| Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. | ||||
| CVE-2025-8257 | 3 Google, Lobby Universe, Lobbyuniverse | 3 Android, Lobby App, Lobby | 2025-07-31 | 5.3 Medium |
| A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.maverick.lobby. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8207 | 3 Canara, Canarabank, Google | 3 Ai1 Mobile Banking App, Ai1, Android | 2025-07-31 | 5.3 Medium |
| A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-9858 | 2 Google, Google Cloud | 2 Migrate To Containers, Migrate To Containers | 2025-07-30 | 7.8 High |
| There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond | ||||
| CVE-2025-0982 | 1 Google | 1 Application Integration | 2025-07-30 | 10.0 Critical |
| Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed. | ||||
| CVE-2024-8912 | 1 Google | 1 Cloud Looker | 2025-07-30 | 7.5 High |
| An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation. * Looker (original) was not vulnerable to this issue. Customer-hosted Looker instances were found to be vulnerable and must be upgraded. This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ . For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page: * 23.12 -> 23.12.123+ * 23.18 -> 23.18.117+ * 24.0 -> 24.0.92+ * 24.6 -> 24.6.77+ * 24.8 -> 24.8.66+ * 24.10 -> 24.10.78+ * 24.12 -> 24.12.56+ * 24.14 -> 24.14.37+ | ||||
| CVE-2025-53649 | 2 Google, Switchbot | 2 Android, Switchbot App | 2025-07-30 | N/A |
| "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs. | ||||
| CVE-2024-11395 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-07-29 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-10604 | 1 Google | 1 Fuchsia | 2025-07-29 | 5.3 Medium |
| Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances | ||||
| CVE-2024-10603 | 1 Google | 1 Gvisor | 2025-07-29 | 5.3 Medium |
| Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances. | ||||
| CVE-2025-8275 | 2 Bsc, Google | 2 Peru Cocktails App, Android | 2025-07-29 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1079 | 3 Apple, Google, Linux | 3 Macos, Web Designer, Linux Kernel | 2025-07-29 | 7.8 High |
| Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature | ||||