Total
9115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-9943 | 1 Google | 2 Android, Chrome | 2026-06-01 | N/A | 4.3 MEDIUM |
| Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-9977 | 1 Google | 2 Android, Chrome | 2026-06-01 | N/A | 8.3 HIGH |
| Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-9987 | 1 Google | 2 Android, Chrome | 2026-05-29 | N/A | 7.8 HIGH |
| Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High) | |||||
| CVE-2017-13165 | 1 Google | 1 Android | 2026-05-28 | 4.6 MEDIUM | 5.3 MEDIUM |
| An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937. | |||||
| CVE-2026-6921 | 3 Google, Linux, Microsoft | 4 Android, Chrome, Linux Kernel and 1 more | 2026-05-27 | N/A | 8.3 HIGH |
| Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium) | |||||
| CVE-2025-48651 | 1 Google | 1 Android | 2026-05-27 | N/A | 5.5 MEDIUM |
| In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-6919 | 3 Google, Linux, Microsoft | 4 Android, Chrome, Linux Kernel and 1 more | 2026-05-26 | N/A | 9.6 CRITICAL |
| Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-6920 | 3 Google, Linux, Microsoft | 4 Android, Chrome, Linux Kernel and 1 more | 2026-05-26 | N/A | 9.6 CRITICAL |
| Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-8564 | 2 Apple, Google | 3 Macos, Android, Chrome | 2026-05-21 | N/A | 4.2 MEDIUM |
| Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-8566 | 1 Google | 2 Android, Chrome | 2026-05-19 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-8571 | 1 Google | 2 Android, Chrome | 2026-05-19 | N/A | 8.3 HIGH |
| Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-8572 | 1 Google | 2 Android, Chrome | 2026-05-19 | N/A | 3.1 LOW |
| Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-8583 | 1 Google | 2 Android, Chrome | 2026-05-19 | N/A | 5.3 MEDIUM |
| Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-8513 | 1 Google | 2 Android, Chrome | 2026-05-19 | N/A | 8.3 HIGH |
| Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2026-8539 | 1 Google | 2 Android, Chrome | 2026-05-19 | N/A | 5.4 MEDIUM |
| Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-8552 | 1 Google | 2 Android, Chrome | 2026-05-19 | N/A | 4.3 MEDIUM |
| Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2017-0550 | 1 Google | 1 Android | 2026-05-13 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140. | |||||
| CVE-2017-8234 | 1 Google | 1 Android | 2026-05-13 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. | |||||
| CVE-2017-0470 | 1 Google | 1 Android | 2026-05-13 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500. | |||||
| CVE-2016-10347 | 1 Google | 1 Android | 2026-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. | |||||