Vendor CVEs
All CVEs
11,509 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12910 | 0.00 | — | 0.00 | Nov 7, 2025 | Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low) | |||
| CVE-2025-12909 | 0.00 | — | 0.00 | Nov 7, 2025 | Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low) | |||
| CVE-2025-12908 | 0.00 | — | 0.00 | Nov 7, 2025 | Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2025-12907 | 0.00 | — | 0.00 | Nov 7, 2025 | Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low) | |||
| CVE-2025-12906 | 0.00 | — | 0.00 | Nov 7, 2025 | Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2025-12905 | 0.00 | — | 0.00 | Nov 7, 2025 | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2025-11460 | 0.00 | — | 0.00 | Nov 6, 2025 | Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High) | |||
| CVE-2025-11458 | 0.00 | — | 0.00 | Nov 6, 2025 | Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-11756 | 0.00 | — | 0.00 | Nov 6, 2025 | Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-12036 | 0.00 | — | 0.04 | Nov 6, 2025 | Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-11219 | 0.00 | — | 0.00 | Nov 6, 2025 | Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2025-11216 | 0.00 | — | 0.00 | Nov 6, 2025 | Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low) | |||
| CVE-2025-11215 | 0.00 | — | 0.00 | Nov 6, 2025 | Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-11213 | 0.00 | — | 0.00 | Nov 6, 2025 | Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-11212 | 0.00 | — | 0.00 | Nov 6, 2025 | Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-11211 | 0.00 | — | 0.00 | Nov 6, 2025 | Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-11210 | 0.00 | — | 0.00 | Nov 6, 2025 | Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-11209 | 0.00 | — | 0.00 | Nov 6, 2025 | Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-11208 | 0.00 | — | 0.00 | Nov 6, 2025 | Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-11207 | 0.00 | — | 0.00 | Nov 6, 2025 | Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-11206 | 0.00 | — | 0.00 | Nov 6, 2025 | Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-11205 | 0.00 | — | 0.00 | Nov 6, 2025 | Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-21077 | 0.00 | — | 0.00 | Nov 5, 2025 | Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege. | |||
| CVE-2025-10892 | 0.00 | — | 0.00 | Sep 24, 2025 | Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-10891 | 0.00 | — | 0.07 | Sep 24, 2025 | Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-10890 | 0.00 | — | 0.00 | Sep 24, 2025 | Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-10502 | 0.00 | — | 0.00 | Sep 24, 2025 | Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High) | |||
| CVE-2025-10501 | 0.00 | — | 0.00 | Sep 24, 2025 | Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-10500 | 0.00 | — | 0.00 | Sep 24, 2025 | Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-10201 | 0.00 | — | 0.00 | Sep 10, 2025 | Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-10200 | 0.00 | — | 0.01 | Sep 10, 2025 | Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2025-32320 | 0.00 | — | 0.00 | Sep 5, 2025 | In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-32318 | 0.00 | — | 0.00 | Sep 5, 2025 | In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-32317 | 0.00 | — | 0.00 | Sep 5, 2025 | In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-32316 | 0.00 | — | 0.00 | Sep 5, 2025 | In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-26461 | 0.00 | — | 0.00 | Sep 5, 2025 | In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges… | |||
| CVE-2025-26434 | 0.00 | — | 0.00 | Sep 5, 2025 | In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-0028 | 0.00 | — | 0.00 | Sep 5, 2025 | In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-32322 | 0.00 | — | 0.00 | Sep 4, 2025 | In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution… | |||
| CVE-2025-26439 | 0.00 | — | 0.00 | Sep 4, 2025 | In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution… | |||
| CVE-2025-26431 | 0.00 | — | 0.00 | Sep 4, 2025 | In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is… | |||
| CVE-2025-26419 | 0.00 | — | 0.00 | Sep 4, 2025 | In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||
| CVE-2024-40664 | 0.00 | — | 0.00 | Sep 4, 2025 | In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not… | |||
| CVE-2025-22415 | 0.00 | — | 0.00 | Sep 4, 2025 | In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-22414 | 0.00 | — | 0.00 | Sep 4, 2025 | In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-49731 | 0.00 | — | 0.00 | Sep 4, 2025 | In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction… | |||
| CVE-2025-48563 | 0.00 | — | 0.00 | Sep 4, 2025 | In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-48562 | 0.00 | — | 0.00 | Sep 4, 2025 | In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||
| CVE-2025-48561 | 0.00 | — | 0.00 | Sep 4, 2025 | In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-48560 | 0.00 | — | 0.00 | Sep 4, 2025 | In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
- CVE-2025-12910Nov 7, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)
- CVE-2025-12909Nov 7, 2025risk 0.00cvss —epss 0.00
Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low)
- CVE-2025-12908Nov 7, 2025risk 0.00cvss —epss 0.00
Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-12907Nov 7, 2025risk 0.00cvss —epss 0.00
Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low)
- CVE-2025-12906Nov 7, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-12905Nov 7, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-11460Nov 6, 2025risk 0.00cvss —epss 0.00
Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)
- CVE-2025-11458Nov 6, 2025risk 0.00cvss —epss 0.00
Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-11756Nov 6, 2025risk 0.00cvss —epss 0.00
Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-12036Nov 6, 2025risk 0.00cvss —epss 0.04
Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-11219Nov 6, 2025risk 0.00cvss —epss 0.00
Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-11216Nov 6, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)
- CVE-2025-11215Nov 6, 2025risk 0.00cvss —epss 0.00
Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-11213Nov 6, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-11212Nov 6, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-11211Nov 6, 2025risk 0.00cvss —epss 0.00
Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-11210Nov 6, 2025risk 0.00cvss —epss 0.00
Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-11209Nov 6, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-11208Nov 6, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-11207Nov 6, 2025risk 0.00cvss —epss 0.00
Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-11206Nov 6, 2025risk 0.00cvss —epss 0.00
Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-11205Nov 6, 2025risk 0.00cvss —epss 0.00
Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-21077Nov 5, 2025risk 0.00cvss —epss 0.00
Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.
- CVE-2025-10892Sep 24, 2025risk 0.00cvss —epss 0.00
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-10891Sep 24, 2025risk 0.00cvss —epss 0.07
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-10890Sep 24, 2025risk 0.00cvss —epss 0.00
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-10502Sep 24, 2025risk 0.00cvss —epss 0.00
Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)
- CVE-2025-10501Sep 24, 2025risk 0.00cvss —epss 0.00
Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-10500Sep 24, 2025risk 0.00cvss —epss 0.00
Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-10201Sep 10, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-10200Sep 10, 2025risk 0.00cvss —epss 0.01
Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2025-32320Sep 5, 2025risk 0.00cvss —epss 0.00
In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-32318Sep 5, 2025risk 0.00cvss —epss 0.00
In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-32317Sep 5, 2025risk 0.00cvss —epss 0.00
In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-32316Sep 5, 2025risk 0.00cvss —epss 0.00
In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-26461Sep 5, 2025risk 0.00cvss —epss 0.00
In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…
- CVE-2025-26434Sep 5, 2025risk 0.00cvss —epss 0.00
In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-0028Sep 5, 2025risk 0.00cvss —epss 0.00
In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-32322Sep 4, 2025risk 0.00cvss —epss 0.00
In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution…
- CVE-2025-26439Sep 4, 2025risk 0.00cvss —epss 0.00
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution…
- CVE-2025-26431Sep 4, 2025risk 0.00cvss —epss 0.00
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…
- CVE-2025-26419Sep 4, 2025risk 0.00cvss —epss 0.00
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2024-40664Sep 4, 2025risk 0.00cvss —epss 0.00
In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…
- CVE-2025-22415Sep 4, 2025risk 0.00cvss —epss 0.00
In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-22414Sep 4, 2025risk 0.00cvss —epss 0.00
In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-49731Sep 4, 2025risk 0.00cvss —epss 0.00
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…
- CVE-2025-48563Sep 4, 2025risk 0.00cvss —epss 0.00
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-48562Sep 4, 2025risk 0.00cvss —epss 0.00
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2025-48561Sep 4, 2025risk 0.00cvss —epss 0.00
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-48560Sep 4, 2025risk 0.00cvss —epss 0.00
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Page 182 of 231