Filtered by vendor Google
Filtered by product Android
Total: 8811 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61113 | 2 Google, Talktalk | 2 Android, Talktalk App | 2025-11-04 | 7.5 High |
| TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information (such as device identifiers and birthdays) and access private group information, including join credentials. Successful exploitation may result in privacy breaches and unauthorized access to restricted resources. | ||||
| CVE-2025-61120 | 2 Google, Io Fit | 2 Android, Ag Life Logger App | 2025-11-04 | 7.5 High |
| AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force account logins feasible. Successful exploitation could result in account compromise, privacy breaches, and abuse of cloud resources. | ||||
| CVE-2025-61118 | 2 Google, Skytop | 2 Android, Mcarfix App | 2025-11-04 | 7.5 High |
| mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data and groups. Successful exploitation could result in fake account creation, privacy breaches, and misuse of the platform. | ||||
| CVE-2025-61115 | 3 Abc Liquors, Google, Wine | 3 Fine Wine And Spirits App, Android, Wine | 2025-11-04 | 7.5 High |
| ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication, allowing attackers to bypass login checks and obtain valid session identifiers. Successful exploitation could result in unauthorized account access, privacy breaches, and misuse of the platform. | ||||
| CVE-2024-50302 | 4 Debian, Google, Linux and 1 more | 11 Debian Linux, Android, Linux Kernel and 8 more | 2025-11-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer. Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't ever be used to leak kernel memory via a specially-crafted report. | ||||
| CVE-2018-9466 | 1 Google | 1 Android | 2025-11-03 | 8.8 High |
| In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-9956 | 1 Google | 2 Android, Chrome | 2025-11-03 | 7.8 High |
| Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-43097 | 1 Google | 1 Android | 2025-11-03 | 7.8 High |
| In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-41110 | 3 Ghost Robotics, Ghostrobotics, Google | 4 Vision 60, Vision 60, Vision 60 Firmware and 1 more | 2025-10-30 | 8.8 High |
| Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full control of the robot, which could cause physical damage to the robot itself or its environment. | ||||
| CVE-2025-11720 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-30 | 8.1 High |
| The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144. | ||||
| CVE-2025-11718 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-30 | 6.5 Medium |
| When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability affects Firefox < 144. | ||||
| CVE-2025-11717 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-30 | 9.1 Critical |
| When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox < 144. | ||||
| CVE-2025-11716 | 2 Google, Mozilla | 3 Android, Firefox, Thunderbird | 2025-10-30 | 6.5 Medium |
| Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144. | ||||
| CVE-2025-6431 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-30 | 6.5 Medium |
| When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140. | ||||
| CVE-2025-6428 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-30 | 4.3 Medium |
| When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140. | ||||
| CVE-2025-9186 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-30 | 6.5 Medium |
| Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. | ||||
| CVE-2022-22265 | 2 Google, Samsung | 2 Android, Exynos | 2025-10-30 | 5 Medium |
| An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | ||||
| CVE-2025-61482 | 2 Google, Privacyidea | 2 Android, Privacyidea | 2025-10-30 | 7.2 High |
| Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two-factor authentication. By hooking into app crypto routines and intercepting decryption paths, an attacker can recover plaintext secrets, enabling generation of valid one-time passwords and bypassing authentication for enrolled accounts. | ||||
| CVE-2025-56146 | 1 Google | 1 Android | 2025-10-28 | 5.3 Medium |
| Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. | ||||
| CVE-2025-12080 | 1 Google | 2 Android, Wear Os | 2025-10-27 | N/A |
| On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented. Due to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to send messages on the user’s behalf to arbitrary receivers without requiring any further user interaction or specific permissions. This allows for the silent and unauthorized transmission of messages from a compromised Wear OS device. | ||||