Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
8900 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14699 | 2 Google, Municorn | 2 Android, Fax App | 2025-12-15 | 5.3 Medium |
| A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This vulnerability affects unknown code of the component biz.faxapp.app. Such manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14698 | 2 Atlaszz Ai Photo Team, Google | 2 Galleryit App, Android | 2025-12-15 | 4.4 Medium |
| A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path traversal. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14702 | 2 Google, Smartbit Commv | 2 Android, Smartschool App | 2025-12-15 | 4.4 Medium |
| A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-36932 | 1 Google | 1 Android | 2025-12-15 | 7.8 High |
| In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-14020 | 2 Google, Linecorp | 2 Android, Line | 2025-12-15 | 5.4 Medium |
| LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct phishing attacks by impersonating legitimate interfaces. | ||||
| CVE-2025-14019 | 2 Google, Linecorp | 2 Android, Line | 2025-12-15 | 3.4 Low |
| LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks. | ||||
| CVE-2025-14373 | 1 Google | 2 Android, Chrome | 2025-12-14 | 4.3 Medium |
| Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-14617 | 2 Google, Jehovahs Witnesses | 2 Android, Jw Library App | 2025-12-14 | 5.3 Medium |
| A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Such manipulation leads to path traversal. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-36923 | 1 Google | 1 Android | 2025-12-12 | 8 High |
| In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36924 | 1 Google | 1 Android | 2025-12-12 | 8 High |
| In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36925 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36927 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36928 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36929 | 1 Google | 1 Android | 2025-12-12 | 5.5 Medium |
| In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36930 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36931 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36934 | 1 Google | 1 Android | 2025-12-12 | 6.7 Medium |
| In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36889 | 1 Google | 1 Android | 2025-12-12 | 5.5 Medium |
| In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36912 | 1 Google | 1 Android | 2025-12-12 | 6.5 Medium |
| In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36916 | 1 Google | 1 Android | 2025-12-12 | 7 High |
| In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||