Filtered by vendor Google
Subscriptions
Total
12982 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9132 | 1 Google | 1 Chrome | 2025-08-21 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-9135 | 1 Google | 1 Android | 2025-08-21 | 5.3 Medium |
| A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer and BusBahnBim up to 12.1.1(258). The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended. | ||||
| CVE-2025-9186 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 6.5 Medium |
| Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. | ||||
| CVE-2025-8364 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 4.3 Medium |
| A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 141. | ||||
| CVE-2025-8041 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 5.3 Medium |
| In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141. | ||||
| CVE-2025-8042 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 9.8 Critical |
| Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141. | ||||
| CVE-2025-43201 | 2 Apple, Google | 3 Apple Music, Music, Android | 2025-08-21 | 6.2 Medium |
| This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials. | ||||
| CVE-2025-5419 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2025-08-20 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-21457 | 2 Google, Qualcomm | 32 Android, Ar8035, Ar8035 Firmware and 29 more | 2025-08-19 | 6.1 Medium |
| Information disclosure while opening a fastrpc session when domain is not sanitized. | ||||
| CVE-2025-50862 | 2 Google, Lotuscars | 2 Android, Android App | 2025-08-18 | 5.9 Medium |
| The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure. | ||||
| CVE-2023-38009 | 3 Apple, Google, Ibm | 4 Iphone Os, Android, Cognos Analytics and 1 more | 2025-08-18 | 4.2 Medium |
| IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | ||||
| CVE-2025-20696 | 6 Google, Linuxfoundation, Mediatek and 3 more | 37 Android, Yocto, Mt6739 and 34 more | 2025-08-18 | 6.8 Medium |
| In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801. | ||||
| CVE-2025-20697 | 2 Google, Mediatek | 30 Android, Mt2718, Mt6761 and 27 more | 2025-08-18 | 6.7 Medium |
| In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795. | ||||
| CVE-2025-20698 | 2 Google, Mediatek | 41 Android, Mt2718, Mt6739 and 38 more | 2025-08-18 | 6.7 Medium |
| In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793. | ||||
| CVE-2025-45769 | 1 Google | 1 Firebase Php-jwt | 2025-08-17 | 7.3 High |
| php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record. | ||||
| CVE-2025-54809 | 2 F5, Google | 2 Access For Android, Android | 2025-08-16 | 7.4 High |
| F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-50861 | 2 Google, Lotuscars | 2 Android, Android App | 2025-08-16 | 6.5 Medium |
| The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a risk of unintended access to application internals and can cause denial of service or logic abuse. | ||||
| CVE-2025-49736 | 2 Google, Microsoft | 2 Android, Edge | 2025-08-15 | 4.3 Medium |
| The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-49755 | 2 Google, Microsoft | 2 Android, Edge | 2025-08-15 | 4.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-4565 | 1 Google | 1 Protobuf-python | 2025-08-14 | 5.3 Medium |
| Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901 | ||||