Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
8701 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43093 | 1 Google | 1 Android | 2025-09-15 | 7.3 High |
| In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2020-16010 | 1 Google | 2 Android, Chrome | 2025-09-15 | 8.8 High |
| Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2024-29745 | 1 Google | 1 Android | 2025-09-15 | 5.5 Medium |
| there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-44092 | 1 Google | 1 Android | 2025-09-15 | 7.8 High |
| There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-56467 | 2 Axis, Google | 2 Axis Mobile App, Android | 2025-09-15 | 6.5 Medium |
| An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended feature and "does not reveal much sensitive information." | ||||
| CVE-2025-9135 | 2 Google, Verkehrsauskunft | 2 Android, Smartride | 2025-09-13 | 5.3 Medium |
| A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early and fixed the issue by "[r]emoving the task affinity of the app so it can't be copied". | ||||
| CVE-2025-10195 | 2 Google, Seismic | 2 Android, Seismic App | 2025-09-12 | 5.3 Medium |
| A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-21033 | 2 Google, Samsung | 4 Android, Android, Mobile and 1 more | 2025-09-11 | 4 Medium |
| Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2025-21029 | 2 Google, Samsung | 4 Android, Android, Mobile and 1 more | 2025-09-11 | 4 Medium |
| Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display. | ||||
| CVE-2025-21026 | 2 Google, Samsung | 4 Android, Android, Mobile and 1 more | 2025-09-11 | 4 Medium |
| Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call. | ||||
| CVE-2025-21025 | 2 Google, Samsung | 4 Android, Android, Mobile and 1 more | 2025-09-11 | 5.1 Medium |
| Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management. | ||||
| CVE-2025-5500 | 2 Google, Zhenshi | 2 Android, Mibro Fit App | 2025-09-11 | 5.3 Medium |
| A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10201 | 2 Google, Linux | 4 Android, Chrome, Chrome Os and 1 more | 2025-09-11 | 8.8 High |
| Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-56466 | 1 Google | 1 Android | 2025-09-11 | N/A |
| Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information. | ||||
| CVE-2024-34739 | 1 Google | 1 Android | 2025-09-11 | 7.8 High |
| In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-9695 | 2 Galleryvault, Google | 2 Gallery Vault, Android | 2025-09-10 | 5.3 Medium |
| A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | ||||
| CVE-2025-49736 | 2 Google, Microsoft | 2 Android, Edge | 2025-09-09 | 4.3 Medium |
| The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-49755 | 2 Google, Microsoft | 2 Android, Edge | 2025-09-09 | 4.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-55443 | 2 Google, Telpo | 2 Android, Telpo Mdm | 2025-09-09 | 9.1 Critical |
| Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platform to execute administrative operations (device shutdown/factory reset/software installation); 2. Connect to the MQTT server to intercept/publish device data. | ||||
| CVE-2025-26431 | 1 Google | 1 Android | 2025-09-09 | 7.8 High |
| In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||