VYPR

Vendor CVEs

Google

All CVEs

11,508 total · sorted by risk
  • CVE-2026-0906Jan 20, 2026
    risk 0.00cvss epss 0.00

    Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-0905Jan 20, 2026
    risk 0.00cvss epss 0.00

    Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)

  • CVE-2026-0904Jan 20, 2026
    risk 0.00cvss epss 0.00

    Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-0903Jan 20, 2026
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-0902Jan 20, 2026
    risk 0.00cvss epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-0901Jan 20, 2026
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-0900Jan 20, 2026
    risk 0.00cvss epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-0899Jan 20, 2026
    risk 0.00cvss epss 0.00

    Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-36911Jan 15, 2026
    risk 0.00cvss epss 0.07

    In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2025-15464Jan 8, 2026
    risk 0.00cvss epss 0.00

    Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.

  • CVE-2026-0628Jan 6, 2026
    risk 0.00cvss epss 0.07

    Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2025-14766Dec 16, 2025
    risk 0.00cvss epss 0.03

    Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-14765Dec 16, 2025
    risk 0.00cvss epss 0.03

    Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-14373Dec 12, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-14372Dec 12, 2025
    risk 0.00cvss epss 0.00

    Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-36938Dec 11, 2025
    risk 0.00cvss epss 0.00

    In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36937Dec 11, 2025
    risk 0.00cvss epss 0.00

    In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36936Dec 11, 2025
    risk 0.00cvss epss 0.00

    In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36935Dec 11, 2025
    risk 0.00cvss epss 0.00

    In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36934Dec 11, 2025
    risk 0.00cvss epss 0.00

    In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36932Dec 11, 2025
    risk 0.00cvss epss 0.00

    In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2025-36931Dec 11, 2025
    risk 0.00cvss epss 0.00

    In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36930Dec 11, 2025
    risk 0.00cvss epss 0.00

    In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36929Dec 11, 2025
    risk 0.00cvss epss 0.00

    In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36928Dec 11, 2025
    risk 0.00cvss epss 0.00

    In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36927Dec 11, 2025
    risk 0.00cvss epss 0.00

    In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36925Dec 11, 2025
    risk 0.00cvss epss 0.00

    In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36924Dec 11, 2025
    risk 0.00cvss epss 0.00

    In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2025-36923Dec 11, 2025
    risk 0.00cvss epss 0.00

    In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2025-36922Dec 11, 2025
    risk 0.00cvss epss 0.00

    In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege in the OS Kernel level with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36921Dec 11, 2025
    risk 0.00cvss epss 0.00

    In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

  • CVE-2025-36919Dec 11, 2025
    risk 0.00cvss epss 0.00

    In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36918Dec 11, 2025
    risk 0.00cvss epss 0.00

    In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36917Dec 11, 2025
    risk 0.00cvss epss 0.00

    In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36916Dec 11, 2025
    risk 0.00cvss epss 0.00

    In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36912Dec 11, 2025
    risk 0.00cvss epss 0.00

    In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36889Dec 11, 2025
    risk 0.00cvss epss 0.00

    In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48625Dec 8, 2025
    risk 0.00cvss epss 0.00

    In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2025-48608Dec 8, 2025
    risk 0.00cvss epss 0.00

    In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48606Dec 8, 2025
    risk 0.00cvss epss 0.00

    In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2025-48569Dec 8, 2025
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48639Dec 8, 2025
    risk 0.00cvss epss 0.00

    In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2025-48638Dec 8, 2025
    risk 0.00cvss epss 0.00

    In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48637Dec 8, 2025
    risk 0.00cvss epss 0.00

    In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48632Dec 8, 2025
    risk 0.00cvss epss 0.00

    In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.…

  • CVE-2025-48631Dec 8, 2025
    risk 0.00cvss epss 0.00

    In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48629Dec 8, 2025
    risk 0.00cvss epss 0.00

    In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2025-48628Dec 8, 2025
    risk 0.00cvss epss 0.00

    In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48627Dec 8, 2025
    risk 0.00cvss epss 0.00

    In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2025-48626Dec 8, 2025
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 179 of 231