Filtered by vendor Google
Subscriptions
Total
13252 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48558 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48559 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26432 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-32322 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35657 | 1 Google | 1 Android | 2025-09-05 | 4 Medium |
| In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-0087 | 1 Google | 1 Android | 2025-09-05 | 5.1 Medium |
| In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-41408 | 2 Google, Ly Corporation | 2 Android, Yahoo! Shopping App | 2025-09-05 | N/A |
| Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2025-21038 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2025-21039 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2025-21040 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2024-56190 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36887 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36891 | 1 Google | 1 Android | 2025-09-05 | 8.8 High |
| Elevation of privilege | ||||
| CVE-2025-36892 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| Denial of service | ||||
| CVE-2025-36893 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36894 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36895 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| Information disclosure | ||||
| CVE-2025-36896 | 1 Google | 1 Android | 2025-09-05 | 9.8 Critical |
| WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. | ||||
| CVE-2025-36897 | 1 Google | 1 Android | 2025-09-05 | 9.8 Critical |
| In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36898 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||