VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2025-12742HigNov 25, 2025
    risk 0.49cvss epss 0.00

    A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No…

  • CVE-2024-9126HigNov 14, 2025
    risk 0.49cvss 7.5epss 0.00

    Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium)

  • CVE-2024-7017HigNov 14, 2025
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-12726HigNov 10, 2025
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-12437HigNov 10, 2025
    risk 0.49cvss 7.5epss 0.00

    Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-12430HigNov 10, 2025
    risk 0.49cvss 7.5epss 0.00

    Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-12397HigNov 10, 2025
    risk 0.49cvss epss 0.00

    A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source. This vulnerability…

  • CVE-2025-11211HigNov 6, 2025
    risk 0.49cvss 7.5epss 0.00

    Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-36895HigSep 4, 2025
    risk 0.49cvss 7.5epss 0.00

    Information disclosure

  • CVE-2025-36894HigSep 4, 2025
    risk 0.49cvss 7.5epss 0.00

    In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36892HigSep 4, 2025
    risk 0.49cvss 7.5epss 0.00

    Denial of service

  • CVE-2025-22423HigSep 2, 2025
    risk 0.49cvss 7.5epss 0.00

    In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-0093HigAug 26, 2025
    risk 0.49cvss 7.5epss 0.00

    In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2025-0081HigAug 26, 2025
    risk 0.49cvss 7.5epss 0.00

    In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-4600HigMay 16, 2025
    risk 0.49cvss 7.5epss 0.00

    A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing…

  • CVE-2025-1566HigApr 16, 2025
    risk 0.49cvss 7.5epss 0.00

    DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.

  • CVE-2024-40675HigJan 28, 2025
    risk 0.49cvss 7.5epss 0.00

    In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-0612HigJan 22, 2025
    risk 0.49cvss 7.5epss 0.00

    Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-49734HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.00

    In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution…

  • CVE-2024-53834HigJan 3, 2025
    risk 0.49cvss 7.5epss 0.00

    In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9426HigDec 2, 2024
    risk 0.49cvss 7.5epss 0.00

    In  RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9381HigDec 2, 2024
    risk 0.49cvss 7.5epss 0.00

    In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2017-13319HigNov 27, 2024
    risk 0.49cvss 7.5epss 0.00

    In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not…

  • CVE-2018-9484HigNov 20, 2024
    risk 0.49cvss 7.5epss 0.00

    In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-10382HigNov 20, 2024
    risk 0.49cvss 7.5epss 0.00

    There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An…

  • CVE-2018-9456HigNov 19, 2024
    risk 0.49cvss 7.5epss 0.00

    In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9419HigNov 19, 2024
    risk 0.49cvss 7.5epss 0.00

    In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9364HigNov 19, 2024
    risk 0.49cvss 7.5epss 0.00

    In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.

  • CVE-2024-47022HigOct 25, 2024
    risk 0.49cvss 7.5epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.

  • CVE-2024-47021HigOct 25, 2024
    risk 0.49cvss 7.5epss 0.00

    In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47020HigOct 25, 2024
    risk 0.49cvss 7.5epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.

  • CVE-2024-44101HigOct 25, 2024
    risk 0.49cvss 7.5epss 0.00

    there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-44100HigOct 25, 2024
    risk 0.49cvss 7.5epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.

  • CVE-2024-9960HigOct 15, 2024
    risk 0.49cvss 7.5epss 0.00

    Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-8912HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.00

    An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has…

  • CVE-2024-34727HigAug 15, 2024
    risk 0.49cvss 7.5epss 0.00

    In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-6331HigAug 4, 2024
    risk 0.49cvss 7.5epss 0.01

    stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gimini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and…

  • CVE-2024-6778HigJul 16, 2024
    risk 0.49cvss 7.5epss 0.01

    Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-32924HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32902HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)

  • CVE-2024-32894HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-29781HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-4420HigMay 21, 2024
    risk 0.49cvss 7.5epss 0.00

    There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for…

  • CVE-2024-3840HigApr 17, 2024
    risk 0.49cvss 7.5epss 0.01

    Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-2886HigMar 26, 2024
    risk 0.49cvss 7.5epss 0.02

    Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-27229HigMar 11, 2024
    risk 0.49cvss 7.5epss 0.00

    In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-27206HigMar 11, 2024
    risk 0.49cvss 7.5epss 0.00

    there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-22011HigMar 11, 2024
    risk 0.49cvss 7.5epss 0.00

    In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0040HigFeb 16, 2024
    risk 0.49cvss 7.5epss 0.02

    In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40104HigFeb 15, 2024
    risk 0.49cvss 7.5epss 0.00

    In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 97 of 229