Filtered by vendor Google
Subscribe
Total
13189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10200 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-22 | N/A | 8.8 HIGH |
| Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2025-8041 | 2 Google, Mozilla | 2 Android, Firefox | 2025-09-19 | N/A | 5.3 MEDIUM |
| In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141. | |||||
| CVE-2025-8042 | 2 Google, Mozilla | 2 Android, Firefox | 2025-09-19 | N/A | 9.8 CRITICAL |
| Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141. | |||||
| CVE-2024-44092 | 1 Google | 1 Android | 2025-09-15 | N/A | 7.8 HIGH |
| There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-9695 | 2 Galleryvault, Google | 2 Gallery Vault, Android | 2025-09-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | |||||
| CVE-2022-20356 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 | |||||
| CVE-2025-36906 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26456 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0089 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32345 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48522 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48546 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48547 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.3 HIGH |
| In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-32320 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32318 | 1 Google | 1 Android | 2025-09-08 | N/A | 8.8 HIGH |
| In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32317 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32316 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26461 | 1 Google | 1 Android | 2025-09-08 | N/A | 3.3 LOW |
| In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26434 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0028 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||