VYPR

Vendor CVEs

Google

All CVEs

11,404 total · sorted by risk
  • CVE-2026-0036HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0009HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48652HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48649HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48570HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2025-32348HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-26418HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution…

  • CVE-2025-22426HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22424HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2026-0072HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-9987HigMay 28, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)

  • CVE-2026-7997HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)

  • CVE-2026-7994HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-7990HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-7925HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2026-7913HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2026-3223HigFeb 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

  • CVE-2025-48615HigDec 8, 2025
    risk 0.51cvss 7.8epss 0.00

    In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48612HigDec 8, 2025
    risk 0.51cvss 7.8epss 0.00

    In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2024-12476HigJan 17, 2025
    risk 0.51cvss 7.8epss 0.00

    CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web…

  • CVE-2024-22012HigFeb 7, 2024
    risk 0.51cvss 7.8epss 0.00

    there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-48421HigDec 8, 2023
    risk 0.51cvss 7.8epss 0.00

    In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution…

  • CVE-2023-48409HigDec 8, 2023
    risk 0.51cvss 7.8epss 0.00

    In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed.…

  • CVE-2023-48407HigDec 8, 2023
    risk 0.51cvss 7.8epss 0.00

    there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-48402HigDec 8, 2023
    risk 0.51cvss 7.8epss 0.00

    In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-45779HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More…

  • CVE-2023-45777HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-45776HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-45775HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-45774HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-45773HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40103HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40097HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-40096HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2023-40095HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-40094HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40091HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40089HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2023-40084HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40080HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40079HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21398HigOct 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21397HigOct 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21396HigOct 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21393HigOct 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21390HigOct 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21389HigOct 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21388HigOct 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21381HigOct 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21378HigOct 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 52 of 229