Filtered by vendor Google
Subscribe
Total
13150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9674 | 2 Google, Transbyte | 2 Android, Scooper News | 2025-09-08 | 4.3 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9675 | 2 Google, Voice Changer Project | 2 Android, Voice Changer | 2025-09-08 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-9677 | 2 Google, Modo | 2 Android, Legend Of The Phoenix | 2025-09-08 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-36890 | 1 Google | 1 Android | 2025-09-08 | N/A | 9.8 CRITICAL |
| Elevation of Privilege | |||||
| CVE-2025-26437 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26441 | 1 Google | 1 Android | 2025-09-08 | N/A | 6.5 MEDIUM |
| In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26443 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.3 HIGH |
| In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-26444 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26445 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26448 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26440 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26449 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26450 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26453 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26458 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26462 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26454 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26464 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32321 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32323 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||