Filtered by vendor Google
Total: 13250 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-34251 | 2 Google, Tesla | 3 Android, Telematics Control Unit, Tesla | 2025-10-08 | N/A |
Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the device’s USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernel’s uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges. | ||||
CVE-2025-56466 | 2 Google, Masterlifecrm | 2 Android, Dietly | 2025-10-06 | 7.5 High |
Hardcoded credentials in Dietly v1.25.0 for Android allow attackers to gain sensitive information. | ||||
CVE-2025-1122 | 1 Google | 2 Chrome, Chrome Os | 2025-10-06 | 6.7 Medium |
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | ||||
CVE-2025-1292 | 1 Google | 2 Chrome, Chrome Os | 2025-10-06 | 6.7 Medium |
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | ||||
CVE-2025-55971 | 2 Google, Tcl | 2 Android Tv, Tcl | 2025-10-06 | 4.7 Medium |
TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398 and attempts to retrieve externally referenced URIs, including attacker-controlled payloads. The blind SSRF allows for sending requests on behalf of the TV, which can be leveraged to probe for other internal or external services accessible by the device (e.g., 127.0.0.1:16XXX, LAN services, or internet targets), potentially enabling additional exploit chains. | ||||
CVE-2025-55556 | 2 Google, Tensorflow | 2 Tensorflow, Tensorflow | 2025-10-03 | 6.5 Medium |
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application. | ||||
CVE-2025-55559 | 1 Google | 1 Tensorflow | 2025-10-03 | 7.5 High |
An issue was discovered in TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D. | ||||
CVE-2025-6044 | 1 Google | 1 Chrome Os | 2025-10-03 | 6.1 Medium |
An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature. | ||||
CVE-2025-2509 | 1 Google | 1 Chrome Os | 2025-10-03 | 7.8 High |
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description. | ||||
CVE-2025-59407 | 3 Flock Safety, Flocksafety, Google | 6 Bravo Edge Ai Compute Device, Bravo Edge Ai Compute Device, Detectionprocessing and 3 more | 2025-10-03 | 9.8 Critical |
The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded password (flockhibiki17) in its code. The keystore contains a private key. | ||||
CVE-2025-59405 | 2 Flocksafety, Google | 5 Bravo Edge Ai Compute Device, Falcon, License Plate Reader and 2 more | 2025-10-03 | 7.5 High |
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software. | ||||
CVE-2025-59403 | 2 Flocksafety, Google | 5 Bravo Edge Ai Compute Device, Collins, Falcon and 2 more | 2025-10-03 | 6.5 Medium |
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access. | ||||
CVE-2025-59406 | 3 Flock Safety, Flocksafety, Google | 6 Bravo Edge Ai Compute Device, Bravo Edge Ai Compute Device, Falcon and 3 more | 2025-10-03 | 6.2 Medium |
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software. | ||||
CVE-2025-20926 | 2 Google, Samsung | 2 Android, Myfiles | 2025-10-03 | 5.5 Medium |
Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. | ||||
CVE-2025-21024 | 2 Google, Samsung | 2 Android, Smart View | 2025-10-02 | 3.3 Low |
Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. | ||||
CVE-2025-20980 | 1 Google | 1 Android | 2025-10-02 | 4 Medium |
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption. | ||||
CVE-2025-20979 | 1 Google | 1 Android | 2025-10-02 | 8.4 High |
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code. | ||||
CVE-2023-21482 | 2 Google, Samsung | 4 Android, Camera, Mobile and 1 more | 2025-10-01 | 6.1 Medium |
Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install a package through Galaxy Store before completion of the Setup wizard. | ||||
CVE-2025-47967 | 2 Google, Microsoft | 3 Android, Edge, Edge Chromium | 2025-10-01 | 4.7 Medium |
Insufficient UI warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
CVE-2025-57197 | 2 Google, Payeer | 2 Android, Payeer App | 2025-09-30 | 6 Medium |
In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change the PIN without knowing the original/current PIN. |