Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15289 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-22417 1 Google 1 Android 2026-06-17 N/A 7.3 HIGH
In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-22416 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22415 1 Google 1 Android 2026-06-17 N/A 4.0 MEDIUM
In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22414 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22413 1 Google 1 Android 2026-06-17 N/A 4.0 MEDIUM
In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22412 1 Google 1 Android 2026-06-17 N/A 8.8 HIGH
In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22411 1 Google 1 Android 2026-06-17 N/A 8.8 HIGH
In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22410 1 Google 1 Android 2026-06-17 N/A 8.4 HIGH
In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22409 1 Google 1 Android 2026-06-17 N/A 8.4 HIGH
In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22408 1 Google 1 Android 2026-06-17 N/A 9.8 CRITICAL
In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22407 1 Google 1 Android 2026-06-17 N/A 5.5 MEDIUM
In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22406 1 Google 1 Android 2026-06-17 N/A 8.4 HIGH
In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22405 1 Google 1 Android 2026-06-17 N/A 8.4 HIGH
In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22404 1 Google 1 Android 2026-06-17 N/A 8.4 HIGH
In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22403 1 Google 1 Android 2026-06-17 N/A 9.8 CRITICAL
In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-21035 2 Google, Samsung 2 Android, Calendar 2026-06-17 N/A 4.6 MEDIUM
Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.
CVE-2025-21024 1 Google 1 Android 2026-06-17 N/A 3.3 LOW
Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.
CVE-2025-20980 1 Google 1 Android 2026-06-17 N/A 4.0 MEDIUM
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
CVE-2025-20979 1 Google 1 Android 2026-06-17 N/A 8.4 HIGH
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.
CVE-2025-20926 2 Google, Samsung 2 Android, Myfiles 2026-06-17 N/A 5.5 MEDIUM
Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege.