ReportizFlow
Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
8685 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26437 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-41408 | 2 Google, Ly Corporation | 2 Android, Yahoo! Shopping App | 2025-09-05 | N/A |
| Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2025-48563 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48581 | 1 Google | 1 Android | 2025-09-05 | 9.8 Critical |
| In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-40664 | 1 Google | 1 Android | 2025-09-05 | 6.2 Medium |
| In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48560 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36906 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-21038 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2025-21039 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2025-21040 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2024-56189 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-56190 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36887 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36890 | 1 Google | 1 Android | 2025-09-05 | 9.8 Critical |
| Elevation of Privilege | ||||
| CVE-2025-36891 | 1 Google | 1 Android | 2025-09-05 | 8.8 High |
| Elevation of privilege | ||||
| CVE-2025-36892 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| Denial of service | ||||
| CVE-2025-36893 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36894 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36895 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| Information disclosure | ||||
| CVE-2025-36896 | 1 Google | 1 Android | 2025-09-05 | 9.8 Critical |
| WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. | ||||