Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
9061 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-56146 | 1 Google | 1 Android | 2026-04-15 | 5.3 Medium |
| Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. | ||||
| CVE-2025-10195 | 2 Google, Seismic | 2 Android, Seismic App | 2026-04-15 | 5.3 Medium |
| A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10971 | 3 Apple, Fermax, Google | 3 Ios, Meetme, Android | 2026-04-15 | N/A |
| Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5. | ||||
| CVE-2025-32898 | 3 Apple, Google, Kde | 6 Ios, Android, Gsconnect and 3 more | 2026-04-15 | 4.7 Medium |
| The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59. | ||||
| CVE-2025-14809 | 2 Google, The Browser Company | 2 Android, Arc | 2026-04-15 | 7.4 High |
| ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content. | ||||
| CVE-2025-34251 | 2 Google, Tesla | 4 Android, Telematics Control Unit, Tesla and 1 more | 2026-04-15 | N/A |
| Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the device’s USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernel’s uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges. | ||||
| CVE-2025-32900 | 3 Apple, Google, Kde | 6 Ios, Android, Gsconnect and 3 more | 2026-04-15 | 4.3 Medium |
| In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59. | ||||
| CVE-2025-10718 | 2 Google, Ooma | 2 Android, Office Business Phone App | 2026-04-15 | 5.3 Medium |
| A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-46962 | 1 Google | 1 Android | 2026-04-15 | 9.1 Critical |
| The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component. | ||||
| CVE-2025-14698 | 2 Atlaszz Ai Photo Team, Google | 2 Galleryit App, Android | 2026-04-15 | 4.4 Medium |
| A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path traversal. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-56467 | 2 Axis, Google | 2 Axis Mobile App, Android | 2026-04-15 | 6.5 Medium |
| An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended feature and "does not reveal much sensitive information." | ||||
| CVE-2025-21030 | 2 Google, Samsung | 3 Android, Mobile, Samsung Mobile | 2026-04-15 | 4.3 Medium |
| Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background. | ||||
| CVE-2025-41408 | 2 Google, Ly Corporation | 2 Android, Yahoo! Shopping App | 2026-04-15 | N/A |
| Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2025-14702 | 2 Google, Smartbit Commv | 2 Android, Smartschool App | 2026-04-15 | 4.4 Medium |
| A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-66270 | 3 Apple, Google, Kde | 6 Ios, Android, Gsconnect and 3 more | 2026-04-15 | 4.7 Medium |
| The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49. | ||||
| CVE-2024-46966 | 1 Google | 1 Android | 2026-04-15 | 8.1 High |
| The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component. | ||||
| CVE-2024-46964 | 1 Google | 1 Android | 2026-04-15 | 8.1 High |
| The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component. | ||||
| CVE-2025-10716 | 2 Creality, Google | 2 Cloud App, Android | 2026-04-15 | 5.3 Medium |
| A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-50862 | 2 Google, Lotuscars | 2 Android, Android App | 2026-04-15 | 5.9 Medium |
| The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure. | ||||
| CVE-2025-14553 | 3 Apple, Google, Tp-link | 4 Ios, Android, Tapo and 1 more | 2026-04-15 | N/A |
| Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged. | ||||