Skip to main content

Android

7243 CVEs product

Monthly

CVE-2025-21072 MEDIUM This Month

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-61619 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61618 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61617 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61610 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61609 HIGH This Week

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61608 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61607 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-3012 HIGH This Week

In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-11133 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-11132 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-11131 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-63435 MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Xtool Anyscan Android
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-63434 HIGH POC This Week

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Xtool Anyscan Android
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-63433 MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Xtool Anyscan Android
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-63432 MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Xtool Anyscan Android
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-48593 HIGH This Month

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Android +1
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-13102 MEDIUM Monitor

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-11919 MEDIUM POC Monitor

Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64741 HIGH This Month

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Meeting Software Development Kit Workplace Android
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-63289 CRITICAL This Week

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Sogexia Android
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-60722 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Onedrive Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12729 MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12728 MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12725 HIGH PATCH This Month

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Android +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12447 MEDIUM PATCH Monitor

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome Android Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12435 MEDIUM PATCH This Month

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Android Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-12908 MEDIUM POC This Month

Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Android
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-11213 MEDIUM PATCH This Month

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-11209 HIGH PATCH This Month

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Android Suse
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-27918 CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Apple Integer Overflow Microsoft +5
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-27917 HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Google Apple Null Pointer Dereference Microsoft +6
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-27916 HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Authentication Bypass Anydesk Android +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-21075 MEDIUM Monitor

Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-21074 MEDIUM Monitor

Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-21073 MEDIUM This Month

Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-21071 MEDIUM This Month

Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-20749 MEDIUM This Month

In charger, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20747 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20746 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20745 MEDIUM Monitor

In apusys, there is a possible memory corruption due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Use After Free Privilege Escalation +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20744 MEDIUM Monitor

In pda, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20743 MEDIUM Monitor

In clkdbg, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20730 MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Yocto Rdk B Android +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-55971 MEDIUM POC This Month

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398 and attempts to retrieve externally referenced URIs, including attacker-controlled payloads. The blind SSRF allows for sending requests on behalf of the TV, which can be leveraged to probe for other internal or external services accessible by the device (e.g., 127.0.0.1:16XXX, LAN services, or internet targets), potentially enabling additional exploit chains.

SSRF 65c655 Firmware Android
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-59489 HIGH POC PATCH This Week

CVE-2025-59489 is a security vulnerability (CVSS 7.4) that allows argument injection that can result. Risk factors: public PoC available.

Code Injection Editor Android Windows macOS
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-9200 HIGH This Week

The Blappsta Mobile App Plugin - Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nh_ynaa_comments() function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress Android PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59407 CRITICAL POC Act Now

Hardcoded cryptographic key in Flock Safety DetectionProcessing app for ANPR. PoC available.

Information Disclosure Java Flock Safety Android
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-59406 MEDIUM POC This Month

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.

Information Disclosure Flock Safety Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-59405 HIGH POC This Week

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.

Information Disclosure Flock Safety Android
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59403 CRITICAL POC Act Now

Missing authentication in Flock Safety Collins Android app for ANPR cameras. EPSS 2.7%. PoC available.

Denial Of Service RCE Information Disclosure Flock Safety Android
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2025-59404 HIGH POC This Week

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Bravo Compute Box Firmware Android
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59834 npm CRITICAL POC PATCH Act Now

ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Google Adb Mcp Server Android
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-56146 MEDIUM This Month

Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-10184 HIGH This Week

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SQLi Android
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-47967 MEDIUM Monitor

Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Edge Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-53231 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as z_erofs_decompressqueue_endio can be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Android Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50240 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmap_lock for later use. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google Use After Free Information Disclosure +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21043 HIGH KEV THREAT Act Now

Samsung libimagecodec.quram.so contains a second out-of-bounds write in the image codec library, a separate vulnerability from CVE-2025-21042 affecting Samsung devices.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2025-21042 HIGH KEV THREAT Act Now

Samsung libimagecodec.quram.so contains an out-of-bounds write allowing remote code execution through crafted image files on Samsung Android devices.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2025-10201 HIGH PATCH This Month

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Android Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-56466 HIGH This Month

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Dietly Android
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-32320 HIGH This Month

In System UI, there is a possible way to view other users' images due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32318 HIGH This Month

In Skia, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-32317 MEDIUM This Month

In App Widget, there is a possible Information Disclosure due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-32316 MEDIUM This Month

In gralloc4, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26461 LOW Monitor

In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-26434 MEDIUM PATCH This Month

In libxml2, there is a possible out of bounds read due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-0028 MEDIUM This Month

In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-41408 MEDIUM This Month

Improper authorization in handler for custom URL scheme issue in "Yahoo!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-32322 HIGH This Week

In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26439 HIGH This Week

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26431 HIGH This Week

In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26419 LOW Monitor

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22415 MEDIUM This Month

In android_app of Android.bp, there is a possible way to launch any activity as a system user. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-22414 HIGH This Week

In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49731 MEDIUM This Month

In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-40664 MEDIUM This Month

In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Android Google
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-48563 HIGH This Week

In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48562 MEDIUM PATCH This Month

In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure Android Google
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-48561 MEDIUM PATCH This Month

In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48560 MEDIUM This Month

In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48559 MEDIUM PATCH This Month

In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48558 HIGH PATCH This Week

In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48556 HIGH PATCH This Week

In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48554 MEDIUM This Month

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-48553 HIGH This Week

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48552 HIGH This Week

In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48551 MEDIUM PATCH This Month

In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-48550 MEDIUM PATCH This Month

In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Path Traversal Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.7
MEDIUM This Month

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Denial Of Service Android Google
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Xtool Anyscan +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Xtool Anyscan +1
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Xtool Anyscan +1
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Xtool Anyscan +1
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Month

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +3
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 8.1
HIGH This Month

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Meeting Software Development Kit +2
NVD
EPSS 0% CVSS 9.1
CRITICAL This Week

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Sogexia +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Onedrive +1
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Month

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Apple +7
NVD
EPSS 1% CVSS 7.5
HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Google Apple +8
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Authentication Bypass +3
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In charger, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

In apusys, there is a possible memory corruption due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service +4
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

In pda, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

In clkdbg, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Yocto +4
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398 and attempts to retrieve externally referenced URIs, including attacker-controlled payloads. The blind SSRF allows for sending requests on behalf of the TV, which can be leveraged to probe for other internal or external services accessible by the device (e.g., 127.0.0.1:16XXX, LAN services, or internet targets), potentially enabling additional exploit chains.

SSRF 65c655 Firmware Android
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

CVE-2025-59489 is a security vulnerability (CVSS 7.4) that allows argument injection that can result. Risk factors: public PoC available.

Code Injection Editor Android +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Blappsta Mobile App Plugin - Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nh_ynaa_comments() function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress Android +1
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Hardcoded cryptographic key in Flock Safety DetectionProcessing app for ANPR. PoC available.

Information Disclosure Java Flock Safety +1
NVD
EPSS 0% CVSS 6.2
MEDIUM POC This Month

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.

Information Disclosure Flock Safety Android
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.

Information Disclosure Flock Safety Android
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Missing authentication in Flock Safety Collins Android app for ANPR cameras. EPSS 2.7%. PoC available.

Denial Of Service RCE Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Bravo Compute Box Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Google Adb Mcp Server +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 8.2
HIGH This Week

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SQLi +1
NVD
EPSS 0% CVSS 4.7
MEDIUM Monitor

Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as z_erofs_decompressqueue_endio can be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmap_lock for later use. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google +6
NVD
EPSS 5% CVSS 8.8
HIGH KEV THREAT Act Now

Samsung libimagecodec.quram.so contains a second out-of-bounds write in the image codec library, a separate vulnerability from CVE-2025-21042 affecting Samsung devices.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH KEV THREAT Act Now

Samsung libimagecodec.quram.so contains an out-of-bounds write allowing remote code execution through crafted image files on Samsung Android devices.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Dietly +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Month

In System UI, there is a possible way to view other users' images due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.8
HIGH This Month

In Skia, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

In App Widget, there is a possible Information Disclosure due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In gralloc4, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In libxml2, there is a possible out of bounds read due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper authorization in handler for custom URL scheme issue in "Yahoo!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

In android_app of Android.bp, there is a possible way to launch any activity as a system user. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Path Traversal Android +1
NVD
Prev Page 4 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy