PT-2025-40457

Name of the Vulnerable Software and Affected Versions Unity versions 2017.1 through 6000.3 Description A critical vulnerability exists in the Unity Runtime, potentially allowing attackers to execute arbitrary code on systems running applications built with affected versions of the engine. This...

Wear OS Security Bulletin—June 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2025-06-05 or later from the June 2025 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

PUB-A-394726109

Analysis: Access Vector: Local Layer: Userland Root Causes: Heap Buffer Overflow SRS Categories: - Android Security SRS Category: Memory Safety Writeup: A stack trace alone with PoC app is insufficient to determine if this represents a genuine memory corruption vulnerability reachable by an...

CVE-2025-5066

Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-5066

Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-8639

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2024-6605

Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox 128...

CVE-2024-41955

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5...

CVE-2024-46962

The SYQ com.downloader.video.fast aka Master Video Downloader application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component...

CVE-2024-37403

Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information...

CVE-2024-37574

The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity...

CVE-2024-4765

Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of...

CVE-2024-37575

The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.defaultdialer.DefaultDialerActivity component...

CVE-2024-46960

The ASD com.rocks.video.downloader aka HD Video Downloader All Format application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component...

CVE-2024-10826

Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2024-47030

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818...

CVE-2023-29761

An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files...

CVE-2023-29746

An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files...

CVE-2023-29544

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVE-2023-29755

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files...