Skip to main content

Google

13978 CVEs vendor

Monthly

CVE-2025-22403 CRITICAL Act Now

In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Android +1
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-0093 HIGH This Week

In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0092 MEDIUM This Month

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-0086 MEDIUM This Month

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-0084 HIGH This Week

In multiple locations, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Use After Free Denial Of Service +2
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-0083 MEDIUM This Month

In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-0082 MEDIUM This Month

In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0081 HIGH This Week

In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0080 HIGH This Month

In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0079 HIGH This Month

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0078 HIGH This Month

In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0075 CRITICAL This Week

In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Android +1
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-0074 CRITICAL This Week

In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Android +1
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-49740 MEDIUM This Month

In multiple locations, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-21125 HIGH This Week

In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-55443 CRITICAL This Week

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Telpo Mdm Android
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-9478 HIGH PATCH This Month

Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-25736 MEDIUM POC This Week

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Ris 9160 Firmware Ris 9260 Firmware Android
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-9118 CRITICAL Act Now

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Path Traversal Node.js
NVD
CVSS 4.0
10.0
EPSS
0.3%
CVE-2025-4609 CRITICAL POC PATCH Act Now

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Information Disclosure Chrome Windows +1
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-55623 MEDIUM POC This Month

An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Reolink Android
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-38646 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Google Linux Linux Kernel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38640 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nf_hook_run_bpf(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Linux Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27213 MEDIUM Monitor

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ubiquiti Google Android
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-53565 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews allows PHP Local File Inclusion.0.15. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Google Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-9132 HIGH PATCH This Month

Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-9186 MEDIUM PATCH This Month

Spoofing issue in the Address Bar component of Firefox Focus for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8364 MEDIUM This Month

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8042 CRITICAL PATCH Act Now

Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8041 MEDIUM PATCH This Month

In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-55306 CRITICAL This Week

GenX_FX is an advance IA trading platform that will focus on forex trading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-38592 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv Currently both dev_coredumpv and skb_put_data in hci_devcd_dump use. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38578 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google Use After Free Denial Of Service +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38577 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google Use After Free Information Disclosure +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38572 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38554 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays in the right places, Jann Horn created a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google Use After Free Information Disclosure +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9135 LOW POC Monitor

A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9134 LOW POC Monitor

A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-55213 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Google Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-9102 LOW POC Monitor

A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9098 LOW Monitor

A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9097 LOW Monitor

A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9093 LOW POC Monitor

A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-38507 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: avoid bluetooth suspend/resume stalls Ensure we don't stall or panic the kernel when using bluetooth-connected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Linux Linux Kernel Android +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38503 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43201 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Music Classical Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-50862 MEDIUM This Month

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50861 MEDIUM This Month

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Google
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-54730 MEDIUM This Month

Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs.7.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54703 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54682 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54681 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing.2.4. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-52732 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 Google Map Targeting allows PHP Local File Inclusion.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Google Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-28962 MEDIUM This Month

Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54809 HIGH This Month

F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure F5 Access Android
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-8901 HIGH PATCH This Month

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8882 HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-8881 MEDIUM PATCH This Month

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8880 HIGH PATCH This Month

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Race Condition Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8879 HIGH PATCH This Month

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49755 MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Edge Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49736 MEDIUM Monitor

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Edge Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8751 LOW POC Monitor

A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google XSS Chrome
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-8745 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android.xml of the component com.ricepo.app. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8707 LOW POC Monitor

A vulnerability was found in Huuge Box App 1.0.3 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8583 MEDIUM PATCH This Month

Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8582 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8581 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8580 MEDIUM PATCH This Month

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8579 MEDIUM PATCH This Month

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8578 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-8577 MEDIUM PATCH Monitor

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8576 HIGH PATCH This Month

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-7050 HIGH This Month

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google File Upload XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-8524 LOW Monitor

A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8523 LOW Monitor

A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-20698 MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20697 MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20696 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-8513 LOW Monitor

A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8512 LOW Monitor

A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android.xml of the component hk.com.tvb.bigbigshop. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-7845 MEDIUM This Month

The Stratum - Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8275 LOW Monitor

Improper export of Android application components in bsc Peru Cocktails App 1.0.0 allows local authenticated attackers to access unexported activities, services, or broadcast receivers defined in AndroidManifest.xml, leading to information disclosure. The vulnerability has been publicly disclosed with exploit code available, though real-world risk is minimal given the low CVSS score (1.9) and EPSS exploitation probability (0.02%), indicating this affects only authenticated users with local device access and results in limited confidentiality impact.

Information Disclosure Google
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8258 LOW POC Monitor

Cool Mo Maigcal Number App versions 1.0.0 through 1.0.3 on Android contain improper export of application components in AndroidManifest.xml, allowing local authenticated attackers to access sensitive functionality of the com.sdmagic.number component. While CVSS severity is minimal (1.9), publicly available exploit code exists; exploitation requires local device access and authenticated privileges but carries information disclosure impact.

Information Disclosure Google Maigcal Number
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8257 LOW POC Monitor

Improper export of Android application components in Lobby Universe Lobby App versions 2.0 through 2.8.0 allows local attackers with user-level privileges to access sensitive functionality via the com.maverick.lobby component. The vulnerability stems from AndroidManifest.xml misconfiguration that exposes internal application activities without proper permission protection, enabling local privilege escalation or information disclosure. Publicly available exploit code exists, though exploitation requires local device access and authenticated user privileges.

Information Disclosure Google Lobby
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8210 LOW POC Monitor

Improper export of Android application components in Yeelink Yeelight App up to version 3.5.4 allows local attackers with user-level privileges to access sensitive application functions through the AndroidManifest.xml configuration of the com.yeelight.cherry component. The vulnerability has a very low real-world impact (CVSS 1.9, EPSS 0.03%) despite public exploit availability, as exploitation requires local device access and user-level privileges, limiting practical attack scenarios to compromised or physically accessible devices.

Information Disclosure Google Yeelight Classic
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8207 LOW POC Monitor

Improper export of Android application components in Canara ai1 Mobile Banking App version 3.6.23 allows local attackers with user-level privileges to access sensitive exported components via AndroidManifest.xml misconfigurations. The vulnerability enables information disclosure with low confidentiality impact. Public exploit code exists but real-world exploitation risk is minimal (EPSS 0.03%, CVSS 1.9) due to requirement for local device access and authenticated user privileges.

Information Disclosure Google Ai1
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-38400 MEDIUM PATCH This Month

Linux kernel NFS subsystem fails to clean up /proc/net/rpc/nfs directory when nfs_fs_proc_net_init() encounters a memory allocation failure, causing a warning when rpc_proc_exit() later attempts to remove the non-empty parent directory. The vulnerability affects kernel versions 6.16-rc1 through 6.16-rc3 and likely earlier versions, and requires local privileges to trigger via fault injection or memory pressure. While marked as availability impact (DoS via kernel warning), the practical severity is limited as it primarily causes a procfs resource leak rather than direct system compromise.

Information Disclosure Google Linux Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-7940 LOW POC Monitor

Improper export of Android application components in Genshin Albedo Cat House App 1.0.2 allows local attackers with user privileges to access sensitive information through AndroidManifest.xml misconfigurations in the com.house.auscat component. The vulnerability requires local access and authenticated user privileges but carries minimal real-world risk due to low EPSS (0.02%) and the constraint of local-only exploitation.

Information Disclosure Google
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-7893 LOW POC Monitor

Foresight News App for Android versions up to 2.6.4 improperly exports application components via AndroidManifest.xml, allowing local attackers with limited privileges to access sensitive information. The CVSS 1.9 score reflects low actual impact (information disclosure only, no integrity or availability loss), though the vulnerability is publicly exploitable. EPSS percentile of 13% indicates minimal real-world exploitation likelihood despite public POC availability, suggesting this is a low-priority issue for most deployments.

Information Disclosure Google Foresight News
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL Act Now

In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In multiple locations, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +4
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Android +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.8
HIGH This Month

In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +3
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In multiple locations, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 8.0
HIGH This Week

In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 9.1
CRITICAL This Week

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Telpo Mdm +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Week

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Ris 9160 Firmware +2
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Path Traversal Node.js
NVD
EPSS 0% CVSS 9.6
CRITICAL POC PATCH Act Now

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Information Disclosure +3
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Reolink +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Google +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nf_hook_run_bpf(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Linux +3
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM Monitor

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ubiquiti Google +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews allows PHP Local File Inclusion.0.15. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Google +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Spoofing issue in the Address Bar component of Firefox Focus for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

GenX_FX is an advance IA trading platform that will focus on forex trading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv Currently both dev_coredumpv and skb_put_data in hci_devcd_dump use. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays in the right places, Jann Horn created a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google +5
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Google +3
NVD GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: avoid bluetooth suspend/resume stalls Ensure we don't stall or panic the kernel when using bluetooth-connected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Linux +4
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Google
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs.7.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing.2.4. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 Google Map Targeting allows PHP Local File Inclusion.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Google +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD
EPSS 0% CVSS 8.8
HIGH This Month

F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure F5 Access +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Race Condition +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google +2
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft +2
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft +2
NVD
EPSS 0% CVSS 1.3
LOW POC Monitor

A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google XSS Chrome
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android.xml of the component com.ricepo.app. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was found in Huuge Box App 1.0.3 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 7.2
HIGH This Month

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google File Upload +2
NVD
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android.xml of the component hk.com.tvb.bigbigshop. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The Stratum - Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS +1
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Improper export of Android application components in bsc Peru Cocktails App 1.0.0 allows local authenticated attackers to access unexported activities, services, or broadcast receivers defined in AndroidManifest.xml, leading to information disclosure. The vulnerability has been publicly disclosed with exploit code available, though real-world risk is minimal given the low CVSS score (1.9) and EPSS exploitation probability (0.02%), indicating this affects only authenticated users with local device access and results in limited confidentiality impact.

Information Disclosure Google
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Cool Mo Maigcal Number App versions 1.0.0 through 1.0.3 on Android contain improper export of application components in AndroidManifest.xml, allowing local authenticated attackers to access sensitive functionality of the com.sdmagic.number component. While CVSS severity is minimal (1.9), publicly available exploit code exists; exploitation requires local device access and authenticated privileges but carries information disclosure impact.

Information Disclosure Google Maigcal Number
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Improper export of Android application components in Lobby Universe Lobby App versions 2.0 through 2.8.0 allows local attackers with user-level privileges to access sensitive functionality via the com.maverick.lobby component. The vulnerability stems from AndroidManifest.xml misconfiguration that exposes internal application activities without proper permission protection, enabling local privilege escalation or information disclosure. Publicly available exploit code exists, though exploitation requires local device access and authenticated user privileges.

Information Disclosure Google Lobby
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Improper export of Android application components in Yeelink Yeelight App up to version 3.5.4 allows local attackers with user-level privileges to access sensitive application functions through the AndroidManifest.xml configuration of the com.yeelight.cherry component. The vulnerability has a very low real-world impact (CVSS 1.9, EPSS 0.03%) despite public exploit availability, as exploitation requires local device access and user-level privileges, limiting practical attack scenarios to compromised or physically accessible devices.

Information Disclosure Google Yeelight Classic
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Improper export of Android application components in Canara ai1 Mobile Banking App version 3.6.23 allows local attackers with user-level privileges to access sensitive exported components via AndroidManifest.xml misconfigurations. The vulnerability enables information disclosure with low confidentiality impact. Public exploit code exists but real-world exploitation risk is minimal (EPSS 0.03%, CVSS 1.9) due to requirement for local device access and authenticated user privileges.

Information Disclosure Google Ai1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel NFS subsystem fails to clean up /proc/net/rpc/nfs directory when nfs_fs_proc_net_init() encounters a memory allocation failure, causing a warning when rpc_proc_exit() later attempts to remove the non-empty parent directory. The vulnerability affects kernel versions 6.16-rc1 through 6.16-rc3 and likely earlier versions, and requires local privileges to trigger via fault injection or memory pressure. While marked as availability impact (DoS via kernel warning), the practical severity is limited as it primarily causes a procfs resource leak rather than direct system compromise.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 1.9
LOW POC Monitor

Improper export of Android application components in Genshin Albedo Cat House App 1.0.2 allows local attackers with user privileges to access sensitive information through AndroidManifest.xml misconfigurations in the com.house.auscat component. The vulnerability requires local access and authenticated user privileges but carries minimal real-world risk due to low EPSS (0.02%) and the constraint of local-only exploitation.

Information Disclosure Google
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Foresight News App for Android versions up to 2.6.4 improperly exports application components via AndroidManifest.xml, allowing local attackers with limited privileges to access sensitive information. The CVSS 1.9 score reflects low actual impact (information disclosure only, no integrity or availability loss), though the vulnerability is publicly exploitable. EPSS percentile of 13% indicates minimal real-world exploitation likelihood despite public POC availability, suggesting this is a low-priority issue for most deployments.

Information Disclosure Google Foresight News
NVD GitHub VulDB
Prev Page 32 of 156 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy