Total
8673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20345 | 1 Google | 1 Android | 2025-10-20 | N/A | 8.8 HIGH |
| In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-230494481 | |||||
| CVE-2022-20239 | 1 Google | 1 Android | 2025-10-20 | N/A | 9.8 CRITICAL |
| remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091 | |||||
| CVE-2025-11716 | 2 Google, Mozilla | 3 Android, Firefox, Thunderbird | 2025-10-16 | N/A | 6.5 MEDIUM |
| Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144. | |||||
| CVE-2025-20721 | 2 Google, Mediatek | 15 Android, Iot Yocto, Mt6886 and 12 more | 2025-10-15 | N/A | 7.8 HIGH |
| In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279. | |||||
| CVE-2025-20722 | 4 Google, Mediatek, Openwrt and 1 more | 19 Android, Mt6835, Mt6878 and 16 more | 2025-10-15 | N/A | 5.5 MEDIUM |
| In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798. | |||||
| CVE-2025-20723 | 2 Google, Mediatek | 15 Android, Mt6835, Mt6878 and 12 more | 2025-10-15 | N/A | 7.8 HIGH |
| In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797. | |||||
| CVE-2025-11717 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-15 | N/A | 9.1 CRITICAL |
| When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox < 144. | |||||
| CVE-2025-11718 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-15 | N/A | 6.5 MEDIUM |
| When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event This vulnerability affects Firefox < 144. | |||||
| CVE-2025-11720 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-15 | N/A | 8.1 HIGH |
| The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144. | |||||
| CVE-2024-20854 | 2 Google, Samsung | 2 Android, Camera | 2025-10-10 | N/A | 5.9 MEDIUM |
| Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image data. | |||||
| CVE-2025-20926 | 2 Google, Samsung | 2 Android, Myfiles | 2025-10-03 | N/A | 5.5 MEDIUM |
| Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. | |||||
| CVE-2025-21024 | 1 Google | 1 Android | 2025-10-02 | N/A | 3.3 LOW |
| Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. | |||||
| CVE-2025-20980 | 1 Google | 1 Android | 2025-10-02 | N/A | 4.0 MEDIUM |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption. | |||||
| CVE-2025-20979 | 1 Google | 1 Android | 2025-10-02 | N/A | 8.4 HIGH |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code. | |||||
| CVE-2023-21482 | 2 Google, Samsung | 2 Android, Camera | 2025-10-01 | N/A | 6.1 MEDIUM |
| Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard. | |||||
| CVE-2021-39810 | 1 Google | 1 Android | 2025-09-30 | N/A | 7.8 HIGH |
| In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21342 | 1 Google | 1 Android | 2025-09-30 | N/A | 7.8 HIGH |
| In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-34739 | 1 Google | 1 Android | 2025-09-29 | N/A | 7.8 HIGH |
| In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-36890 | 1 Google | 1 Android | 2025-09-29 | N/A | 9.8 CRITICAL |
| Elevation of Privilege | |||||
| CVE-2025-26442 | 1 Google | 1 Android | 2025-09-29 | N/A | 5.5 MEDIUM |
| In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||