Filtered by vendor Google
Subscribe
Total
13189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55559 | 1 Google | 1 Tensorflow | 2025-10-03 | N/A | 7.5 HIGH |
| An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D. | |||||
| CVE-2025-6044 | 1 Google | 1 Chrome Os | 2025-10-03 | N/A | 6.1 MEDIUM |
| An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature. | |||||
| CVE-2025-2509 | 1 Google | 1 Chrome Os | 2025-10-03 | N/A | 7.8 HIGH |
| Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description. | |||||
| CVE-2025-20926 | 2 Google, Samsung | 2 Android, Myfiles | 2025-10-03 | N/A | 5.5 MEDIUM |
| Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. | |||||
| CVE-2025-21024 | 1 Google | 1 Android | 2025-10-02 | N/A | 3.3 LOW |
| Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. | |||||
| CVE-2025-20980 | 1 Google | 1 Android | 2025-10-02 | N/A | 4.0 MEDIUM |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption. | |||||
| CVE-2025-20979 | 1 Google | 1 Android | 2025-10-02 | N/A | 8.4 HIGH |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code. | |||||
| CVE-2023-21482 | 2 Google, Samsung | 2 Android, Camera | 2025-10-01 | N/A | 6.1 MEDIUM |
| Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard. | |||||
| CVE-2021-39810 | 1 Google | 1 Android | 2025-09-30 | N/A | 7.8 HIGH |
| In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21342 | 1 Google | 1 Android | 2025-09-30 | N/A | 7.8 HIGH |
| In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-34739 | 1 Google | 1 Android | 2025-09-29 | N/A | 7.8 HIGH |
| In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-36890 | 1 Google | 1 Android | 2025-09-29 | N/A | 9.8 CRITICAL |
| Elevation of Privilege | |||||
| CVE-2025-26442 | 1 Google | 1 Android | 2025-09-29 | N/A | 5.5 MEDIUM |
| In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26436 | 1 Google | 1 Android | 2025-09-29 | N/A | 7.8 HIGH |
| In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26435 | 1 Google | 1 Android | 2025-09-29 | N/A | 7.8 HIGH |
| In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26430 | 1 Google | 1 Android | 2025-09-29 | N/A | 7.8 HIGH |
| In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-21035 | 2 Google, Samsung | 2 Android, Calendar | 2025-09-29 | N/A | 4.6 MEDIUM |
| Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles. | |||||
| CVE-2024-53647 | 3 Apple, Google, Trendmicro | 3 Iphone Os, Android, Id Security | 2025-09-29 | N/A | 6.5 MEDIUM |
| Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. | |||||
| CVE-2025-8901 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-26 | N/A | 8.8 HIGH |
| Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-8879 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-26 | N/A | 8.8 HIGH |
| Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) | |||||