10 matches found
CVE-2026-10014
CVE-2026-10014 describes a use-after-free in WebMIDI within the Chromium-based Google Chrome browser on Android, prior to version 148.0.7778.216. The issue arises when a renderer process is compromised, potentially enabling a sandbox escape via a crafted HTML page. Affected component: WebMIDI (Ch...
CVE-2026-26228
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26228 VLC for Android < 3.7.0 Remote Access Path Traversal
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26228 VLC for Android < 3.7.0 Remote Access Path Traversal
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26228
VLC for Android prior to 3.7.0 is affected by a path traversal vulnerability in the Remote Access Server’s GET /download endpoint. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allo...
PT-2026-22155
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2025-48543
In multiple locations, there is a possible way to escape chrome sandbox to attack android systemserver due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
The vulnerability of the Android Framework component of the Android operating system allows attackers to elevate their privileges and gain unauthorized access to directories such as Android/data, Android/obb, and Android/sandbox.
The vulnerability of the Android Framework component of the Android operating system is related to insecure management of privileges. Exploiting this vulnerability allows a remote attacker to enhance their privileges and gain unauthorized access to directories such as Android/data, Android/obb, a...
Attacking the Qualcomm Adreno GPU
Posted by Ben Hawkes, Project Zero When writing an Android exploit, breaking out of the application sandbox is often a key step. There are a wide range of remote attacks that give you code execution with the privileges of an application like the browser or a messaging application, but a sandbox...
VirusTotal launches 'Droidy' sandbox to detect malicious Android apps
One of the biggest and most popular multi-antivirus scanning engine service has today launched a new Android sandbox service, dubbed VirusTotal Droidy, to help security researchers detect malicious apps based on behavioral analysis. VirusTotal, owned by Google, is a free online service that allow...