Filtered by vendor Google Subscriptions
Total 13250 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-7254 3 Google, Netapp, Redhat 15 Google-protobuf, Protobuf, Protobuf-java and 12 more 2025-09-26 7.5 High
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
CVE-2024-6284 2 Google, Netfilter 2 Nftables, Nftables 2025-09-26 7.3 High
In https://github.com/google/nftables  IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects:  https://pkg.go.dev/github.com/google/nftables@v0.1.0 The bug was fixed in the next released version:  https://pkg.go.dev/github.com/google/nftables@v0.2.0
CVE-2024-5899 1 Google 3 Bazel For Android Studio, Bazel For Clion, Bazel For Intellij 2025-09-26 3.3 Low
When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one.  We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.
CVE-2025-48562 1 Google 1 Android 2025-09-26 5 Medium
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-48561 1 Google 1 Android 2025-09-26 5.5 Medium
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-47329 2 Google, Qualcomm 78 Android, Fastconnect 7800, Fastconnect 7800 Firmware and 75 more 2025-09-25 7.8 High
Memory corruption while handling invalid inputs in application info setup.
CVE-2025-10500 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2025-09-25 8.8 High
Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-10501 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2025-09-25 8.8 High
Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-10502 4 Apple, Google, Linux and 1 more 5 Macos, Angle, Chrome and 2 more 2025-09-25 8.8 High
Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)
CVE-2025-10890 4 Apple, Google, Linux and 1 more 5 Macos, Chrome, V8 and 2 more 2025-09-25 9.1 Critical
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2025-10891 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2025-09-25 8.8 High
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-10892 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2025-09-25 8.8 High
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-10184 2 Google, Oneplus 2 Android, Oxygenos 2025-09-25 N/A
The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers.
CVE-2025-56146 1 Google 1 Android 2025-09-25 N/A
Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity.
CVE-2024-11358 2 Google, Mattermost 3 Android, Mattermost, Mattermost Mobile 2025-09-24 5.7 Medium
Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.
CVE-2024-49421 2 Google, Samsung 2 Android, Quick Share 2025-09-24 4.3 Medium
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location.
CVE-2025-10722 2 Google, Sktlab 2 Android, Mukbee App 2025-09-22 5.3 Medium
A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-10721 2 Google, Webull 2 Android, Investing & Trading App 2025-09-22 5.3 Medium
A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-10718 2 Google, Ooma 2 Android, Office Business Phone App 2025-09-22 5.3 Medium
A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-10201 2 Google, Linux 5 Android, Chrome, Chrome Os and 2 more 2025-09-22 8.8 High
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)