CVE-2013-3643

The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application...

CVE-2019-2036

In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

CVE-2019-2139

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117610049...

CVE-2019-17395

In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...

CVE-2019-14516

The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help...

CVE-2011-4702

The Nimbuzz com.nimbuzz application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application...

CVE-2019-13099

The Momo application 2.1.9 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat...

CVE-2019-0172

A logic issue in Intel UniteR Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access...

CVE-2012-5811

The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVE-2018-17108

The SBIbuddy aka com.sbi.erupee application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application...

CVE-2012-1399

Unspecified vulnerability in the U+Box 2.0 lg.uplusbox application 2.0.2 and 2.0.8.4 for Android has unknown impact and attack vectors...

CVE-2012-4909

Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application...

CVE-2021-25254

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar...

CVE-2021-25254 Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar...

CVE-2025-20979

Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code...

CVE-2025-20966

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles...

CVE-2025-20979

Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code...

CVE-2025-20973

Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder...

CVE-2025-20955

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images...

Pixel Update Bulletin—May 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2025-05-05 or later address all issues in this bulletin and all issues in the May 2025 Android Security...