Skip to main content

Google

13978 CVEs vendor

Monthly

CVE-2025-26428 LOW PATCH Monitor

In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. Rated low severity (CVSS 3.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-26427 MEDIUM PATCH This Month

In multiple locations, there is a possible Android/data access due to a path traversal error. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Path Traversal Android
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-26426 MEDIUM This Month

In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Java Android
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-26425 MEDIUM PATCH This Month

In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26424 MEDIUM PATCH Monitor

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26423 MEDIUM PATCH This Month

In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Privilege Escalation Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-26422 MEDIUM PATCH Monitor

In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26421 MEDIUM PATCH Monitor

In multiple locations, there is a possible lock screen bypass due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26420 MEDIUM PATCH Monitor

In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-22425 MEDIUM PATCH This Month

In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-0087 MEDIUM This Month

In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-0077 MEDIUM PATCH Monitor

In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-49739 MEDIUM Monitor

In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2023-35657 MEDIUM PATCH This Month

In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-38686 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry When UFFDIO_MOVE encounters a migration PMD entry, it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36908 MEDIUM This Month

In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-36907 HIGH This Month

In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-36906 HIGH This Month

In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36905 HIGH This Month

In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36904 CRITICAL This Week

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-36903 HIGH This Month

In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36902 MEDIUM This Month

In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-36901 HIGH This Month

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-36900 MEDIUM This Month

In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-36899 HIGH This Month

There is a possible escalation of privilege due to test/debugging code left in a production build. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-36898 HIGH This Month

There is a possible escalation of privilege due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36897 CRITICAL This Week

In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android Google
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-36896 CRITICAL This Week

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-36894 HIGH This Month

In TBD of TBD, there is a possible DoS due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-36893 MEDIUM This Month

In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36887 HIGH This Month

In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56190 HIGH This Month

In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56189 MEDIUM This Month

In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-56139 MEDIUM This Month

LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linkedin Android
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-9867 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-9866 HIGH PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-9865 MEDIUM PATCH This Month

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-9864 Awaiting Data

Rejected reason: This CVE ID was assigned in error to a vulnerability that was both introduced and fixed before the code landed in the Stable channel of Chrome, and has been withdrawn. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVE-2025-56608 MEDIUM Monitor

The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Google Android Corona Virus Tracker App For India Android
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-26416 CRITICAL Act Now

In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-22442 HIGH This Week

In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-22439 HIGH This Week

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22438 HIGH This Week

In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22437 HIGH This Week

In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22435 CRITICAL Act Now

In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-22434 HIGH This Week

In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22433 HIGH This Week

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22431 MEDIUM This Month

In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22430 MEDIUM This Month

In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22429 CRITICAL Act Now

In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-22428 HIGH This Week

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22427 HIGH This Week

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22423 HIGH This Week

In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-22422 HIGH This Week

In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22421 MEDIUM This Month

In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22419 HIGH This Week

In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation XSS Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22418 HIGH This Week

In multiple locations, there is a possible confused deputy due to Intent Redirect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22417 HIGH This Week

In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation XSS Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22416 HIGH This Week

In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49730 HIGH This Week

In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49728 MEDIUM This Month

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-49722 MEDIUM This Month

In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-49720 HIGH This Week

In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-40653 HIGH This Month

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-20707 MEDIUM This Month

In geniezone, there is a possible memory corruption due to use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20706 HIGH This Week

In mbrain, there is a possible memory corruption due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20705 HIGH This Month

In monitor_hang, there is a possible memory corruption due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Denial Of Service Privilege Escalation +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9695 LOW POC Monitor

A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Hashicorp Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9677 LOW POC Monitor

A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9676 LOW POC Monitor

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9675 LOW POC Monitor

A vulnerability was determined in Voice Changer App up to 1.1.0.xml of the component com.tuyangkeji.changevoice. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9674 LOW POC Monitor

A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-58067 Ruby MEDIUM PATCH Monitor

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Open Redirect
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-9673 LOW Monitor

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9672 LOW Monitor

A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9671 LOW Monitor

A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-48304 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin allows Stored XSS.02. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-9352 MEDIUM This Month

The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57821 Ruby MEDIUM PATCH Monitor

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Open Redirect
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-26417 MEDIUM This Month

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-22413 MEDIUM PATCH This Month

In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android Google Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-22412 HIGH This Week

In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Android +1
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-22411 HIGH This Week

In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Android +1
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-22410 HIGH This Week

In multiple locations, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-22409 HIGH This Week

In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-22408 CRITICAL Act Now

In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Android +1
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-22407 MEDIUM This Month

In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Information Disclosure +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22406 HIGH This Week

In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-22405 HIGH This Week

In multiple locations, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-22404 HIGH This Week

In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
8.4
EPSS
0.0%
EPSS 0% CVSS 3.2
LOW PATCH Monitor

In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. Rated low severity (CVSS 3.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

In multiple locations, there is a possible Android/data access due to a path traversal error. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Path Traversal +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Java +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH Monitor

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Android +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Privilege Escalation Android +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH Monitor

In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH Monitor

In multiple locations, there is a possible lock screen bypass due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH Monitor

In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Java Android +1
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH Monitor

In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry When UFFDIO_MOVE encounters a migration PMD entry, it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Linux +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.3
HIGH This Month

In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 8.8
HIGH This Month

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Month

There is a possible escalation of privilege due to test/debugging code left in a production build. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Month

There is a possible escalation of privilege due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.5
HIGH This Month

In TBD of TBD, there is a possible DoS due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linkedin +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
Awaiting Data

Rejected reason: This CVE ID was assigned in error to a vulnerability that was both introduced and fixed before the code landed in the Stable channel of Chrome, and has been withdrawn. No vendor patch available.

Google Information Disclosure Chrome
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Google Android Corona Virus Tracker App For India +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Java +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation XSS Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple locations, there is a possible confused deputy due to Intent Redirect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation XSS Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.3
HIGH This Month

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In geniezone, there is a possible memory corruption due to use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In mbrain, there is a possible memory corruption due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In monitor_hang, there is a possible memory corruption due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +6
NVD
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Hashicorp Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was determined in Voice Changer App up to 1.1.0.xml of the component com.tuyangkeji.changevoice. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Open Redirect
NVD GitHub
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin allows Stored XSS.02. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS +1
NVD GitHub
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Open Redirect
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +3
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple locations, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +4
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +4
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +4
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +4
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple locations, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +4
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +4
NVD
Prev Page 31 of 156 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy