Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
9065 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21080 | 2 Google, Samsung | 4 Android, Android, Dynamic Lockscreen and 1 more | 2025-12-05 | 6.2 Medium |
| Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege. | ||||
| CVE-2025-58483 | 2 Google, Samsung | 4 Android, Galaxy Store, Galaxy Watch and 1 more | 2025-12-04 | 5.9 Medium |
| Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store. | ||||
| CVE-2017-7375 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Android, Libxml2 | 2025-12-03 | 9.8 Critical |
| A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). | ||||
| CVE-2025-20789 | 2 Google, Mediatek | 7 Android, Mt6781, Mt6833 and 4 more | 2025-12-03 | 4.4 Medium |
| In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538. | ||||
| CVE-2025-20788 | 2 Google, Mediatek | 3 Android, Mt6991, Mt8196 | 2025-12-03 | 4.4 Medium |
| In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539. | ||||
| CVE-2025-61619 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61618 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61617 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61610 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61609 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61608 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61607 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-3012 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-11133 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-11132 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-11131 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-01 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-63435 | 2 Google, Xtooltech | 3 Android, Anyscan, Xtool Anyscan | 2025-11-28 | 4.3 Medium |
| Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official update packages.. | ||||
| CVE-2025-63434 | 2 Google, Xtooltech | 3 Android, Anyscan, Xtool Anyscan | 2025-11-28 | 8.8 High |
| The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control the update metadata can serve a malicious package, which the application will accept, extract, and later execute, leading to arbitrary code execution. | ||||
| CVE-2025-63433 | 2 Google, Xtooltech | 3 Android, Anyscan, Xtool Anyscan | 2025-11-28 | 4.6 Medium |
| Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt, modify, and re-encrypt the update manifest, allowing them to direct the application to download a malicious update package. | ||||
| CVE-2025-12728 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-11-25 | 4.2 Medium |
| Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||