Skip to main content

Android

7243 CVEs product

Monthly

CVE-2025-20967 MEDIUM This Month

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery Android
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2025-20966 MEDIUM This Month

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-20964 MEDIUM This Month

Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-20963 MEDIUM This Month

Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-20962 MEDIUM This Month

Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-20961 MEDIUM This Month

Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20960 MEDIUM This Month

Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-20959 MEDIUM This Month

Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-20958 MEDIUM This Month

Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-20957 HIGH This Week

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-20956 MEDIUM This Month

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wear Os Android Samsung
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20955 MEDIUM This Month

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20954 MEDIUM This Month

Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20953 MEDIUM This Month

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-20937 MEDIUM This Month

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-40623 CRITICAL Act Now

SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Gim Android
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-46335 PyPI HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS Apple Mobile Security Framework +3
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-20671 HIGH This Week

In thermal, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-20668 HIGH This Week

In scp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20665 MEDIUM This Month

In devinfo, there is a possible information disclosure due to a missing SELinux policy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-3438 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Apple Google WordPress Privilege Escalation Mstore Api +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-25983 LOW POC Monitor

An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure V380 Pro Android
NVD GitHub
CVSS 3.1
3.4
EPSS
0.2%
CVE-2025-27599 MEDIUM This Month

Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-36842 HIGH This Week

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Google Android
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-20952 MEDIUM This Month

Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-29805 HIGH This Week

Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Outlook Android
NVD
CVSS 3.1
7.5
EPSS
6.4%
CVE-2025-20948 MEDIUM This Month

Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20947 MEDIUM This Month

Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20944 MEDIUM This Month

Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-20943 MEDIUM This Month

Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-20942 MEDIUM This Month

Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-20941 MEDIUM This Month

Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-20938 MEDIUM This Month

Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20936 HIGH This Week

Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20934 MEDIUM This Month

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20662 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Mt9972 +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20661 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Mt9972 +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20660 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20658 MEDIUM This Month

In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Mt2718 +18
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20657 MEDIUM This Month

In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20656 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +19
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-20655 MEDIUM This Month

In keymaster, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android Mt9972 Google
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-31127 MEDIUM This Month

Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-3068 HIGH PATCH This Week

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Android Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-3067 HIGH PATCH This Week

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Android Suse
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-25041 MEDIUM This Month

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Aruba Information Disclosure Android +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-1558 MEDIUM This Month

Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Mattermost Mobile Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25758 HIGH POC This Week

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Kukufm Android
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-0245 MEDIUM This Month

A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2025-30259 LOW Monitor

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-30113 CRITICAL Act Now

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Dr 820 Firmware Android
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-2356 MEDIUM This Month

A vulnerability was found in BlackVue App 3.65 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-2355 MEDIUM This Month

A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-2342 MEDIUM This Month

A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27606 MEDIUM PATCH This Month

Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Element Android
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-0117 HIGH This Week

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Paloalto Google Privilege Escalation Microsoft +4
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-27839 LOW Monitor

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
3.2
EPSS
0.1%
CVE-2025-20926 MEDIUM This Month

Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Myfiles Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20909 MEDIUM This Month

Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-20908 MEDIUM This Month

Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20903 HIGH This Week

Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-1922 MEDIUM PATCH This Month

Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1917 MEDIUM PATCH This Month

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Android Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20653 MEDIUM This Month

In da, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20652 MEDIUM This Month

In V5 DA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android Google
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-20651 MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Yocto Rdk B Android +2
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-20650 MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-20648 MEDIUM This Month

In apu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20645 HIGH This Week

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0895 LOW Monitor

IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google IBM Cognos Analytics Mobile Android
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-20060 HIGH This Week

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-9285 MEDIUM This Month

A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Android
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-50691 HIGH This Week

SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Isolarcloud Android
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2024-50688 CRITICAL Act Now

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Isolarcloud Android
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-50684 MEDIUM This Month

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Isolarcloud Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-39441 HIGH This Week

In wifi display, there is a possible missing permission check. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-1629 MEDIUM This Month

A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2020-6158 MEDIUM This Month

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-1426 HIGH PATCH This Week

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Android +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-26700 MEDIUM This Month

Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.0
5.2
EPSS
0.0%
CVE-2025-0996 MEDIUM PATCH This Month

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-23421 MEDIUM This Month

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure Path Traversal Android +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-54916 MEDIUM This Month

An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-44336 MEDIUM This Month

An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-11621 HIGH This Week

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure Remote Desktop Manager Remote Desktop Manager Powershell +3
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21253 MEDIUM This Month

Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Apple Edge +2
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-24805 PyPI HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google Privilege Escalation Apple Mobile Security Framework +2
NVD GitHub
CVSS 4.0
8.5
EPSS
0.2%
CVE-2025-24804 PyPI MEDIUM POC PATCH Monitor

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google Information Disclosure Apple Mobile Security Framework +2
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-24803 PyPI HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS Apple Mobile Security Framework +2
NVD GitHub
CVSS 4.0
8.4
EPSS
0.5%
CVE-2025-20907 MEDIUM This Month

Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
6.0
EPSS
0.1%
EPSS 0% CVSS 5.1
MEDIUM This Month

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wear Os Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Gim Android
NVD
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS +5
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

In thermal, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In scp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In devinfo, there is a possible information disclosure due to a missing SELinux policy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Apple Google WordPress +5
NVD
EPSS 0% CVSS 3.4
LOW POC Monitor

An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure V380 Pro +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Google +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 6% CVSS 7.5
HIGH This Week

Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +20
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +21
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In keymaster, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +2
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Aruba +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Mattermost Mobile +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Kukufm +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Dr 820 Firmware +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability was found in BlackVue App 3.65 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Element +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Paloalto Google +6
NVD
EPSS 0% CVSS 3.2
LOW Monitor

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Myfiles Android +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In da, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

In V5 DA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android +1
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Yocto +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In apu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 2.4
LOW Monitor

IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google IBM +2
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Android
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Isolarcloud +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Isolarcloud +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Isolarcloud +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

In wifi display, there is a possible missing permission check. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow +3
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure +3
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure +5
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure +4
NVD
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google Privilege Escalation +4
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC PATCH Monitor

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google Information Disclosure +4
NVD GitHub
EPSS 1% CVSS 8.4
HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS +4
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
Prev Page 8 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy