Filtered by vendor Google
Subscriptions
Total
12986 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43093 | 1 Google | 1 Android | 2025-08-27 | 7.8 High |
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2024-43090 | 1 Google | 1 Android | 2025-08-27 | 5 Medium |
In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2024-0032 | 1 Google | 1 Android | 2025-08-27 | 6.8 Medium |
In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2025-49736 | 2 Google, Microsoft | 2 Android, Edge | 2025-08-26 | 4.3 Medium |
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
CVE-2025-49755 | 2 Google, Microsoft | 2 Android, Edge | 2025-08-26 | 4.3 Medium |
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
CVE-2025-8210 | 3 Google, Yeelight, Yeelink | 3 Android, Yeelight Classic, Yeelight App | 2025-08-26 | 5.3 Medium |
A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-55619 | 2 Google, Reolink | 2 Android, Reolink | 2025-08-26 | 9.8 Critical |
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering. | ||||
CVE-2025-4609 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-08-26 | 9.6 Critical |
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
CVE-2025-9118 | 1 Google | 1 Cloud Platform | 2025-08-26 | N/A |
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file. | ||||
CVE-2025-55623 | 2 Google, Reolink | 2 Android, Reolink | 2025-08-23 | 5.4 Medium |
An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge). | ||||
CVE-2025-9135 | 1 Google | 1 Android | 2025-08-22 | 5.3 Medium |
A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer and BusBahnBim up to 12.1.1(258). The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early and fixed the issue by "[r]emoving the task affinity of the app so it can't be copied". | ||||
CVE-2025-43201 | 2 Apple, Google | 4 Apple Music, Music, Music Classical and 1 more | 2025-08-21 | 6.2 Medium |
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials. | ||||
CVE-2025-8364 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 4.3 Medium |
A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 141. | ||||
CVE-2025-9186 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 6.5 Medium |
Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. | ||||
CVE-2025-9132 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-21 | 8.8 High |
Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2025-8041 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 5.3 Medium |
In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141. | ||||
CVE-2025-8042 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 9.8 Critical |
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141. | ||||
CVE-2025-5419 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2025-08-20 | 8.8 High |
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2025-21457 | 2 Google, Qualcomm | 32 Android, Ar8035, Ar8035 Firmware and 29 more | 2025-08-19 | 6.1 Medium |
Information disclosure while opening a fastrpc session when domain is not sanitized. | ||||
CVE-2025-50862 | 2 Google, Lotuscars | 2 Android, Android App | 2025-08-18 | 5.9 Medium |
The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure. |