
1662 matches found

Debian CVE
added 2025/03/05 3:48 a.m. | 16 views

CVE-2025-1917

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 | AI score 8 | EPSS 0.0033
Exploits: 0

CVE
added 2025/03/04 1:31 p.m. | 82 views

CVE-2025-1940

The CVE-2025-1940 issue concerns Mozilla Firefox for Android, where a select option could partially obscure the confirmation prompt shown before launching external apps. Root cause: UI/UX could mislead users into unknowingly launching an external app. Affected: Firefox on Android, versions earlie...

CVSS 7.1 | AI score 6 | EPSS 0.0023
Exploits: 0 | References: 2 | Affected Software: 1

The Hacker News
added 2025/03/04 4:7 a.m. | 33 views

Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-43093 - A privilege escalation flaw in...

CVSS 7.8 | AI score 7.1 | EPSS 0.03558
Exploits: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2017-0627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. Thi...

CVSS 4.7 | AI score 6 | EPSS 0.01489
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 13 views

Mozilla Firefox < 136.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 136.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-14 advisory. - Malicious pages could use Firefox for Android to pass FIDO: links to the OS and trigger the hybrid passkey...

CVSS 9.8 | AI score 7 | EPSS 0.00519
Exploits: 1 | References: 16

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2017-0663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an...

CVSS 7.8 | AI score 9.1 | EPSS 0.02142
Exploits: 0 | References: 3

Android Security Bulletins
added 2025/03/03 12:0 a.m. | 31 views

Android Security Bulletin—March 2025

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVSS 9.8 | AI score 9.4 | EPSS 0.00809
Exploits: 0

Vulnrichment
added 2025/03/02 3:20 p.m. | 11 views

CVE-2025-0895 IBM Cognos Mobile information disclosure

IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages...

CVSS 2.4 | AI score 3.3 | EPSS 0.00185
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/24 5:0 a.m. | 4 views

CVE-2025-1629 Excitel Broadband Private my Excitel App One-Time Password excessive authentication

A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vend...

CVSS 5.1 | AI score 7.2 | EPSS 0.00225
Exploits: 0 | References: 3

CVE
added 2025/02/21 1:30 p.m. | 49 views

CVE-2020-6158

Opera Mini for Android versions prior to 52.2 are vulnerable to an address bar spoofing attack, allowing a malicious page to impersonate another page and trick users into entering sensitive data. The affected component is Opera Mini’s browser rendering/address bar handling. The available sources ...

CVSS 4.7 | AI score 4.6 | EPSS 0.0026
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/20 6:20 p.m. | 5 views

CVE-2025-25300

smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00387
Exploits: 0 | References: 1

NVD
added 2025/02/19 5:15 p.m. | 6 views

CVE-2025-1426

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | EPSS 0.00615
Exploits: 0 | References: 2

Vulnrichment
added 2025/02/19 4:55 p.m. | 6 views

CVE-2025-1426

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 8.8 | EPSS 0.00615
Exploits: 0 | References: 2

AlpineLinux
added 2025/02/19 4:55 p.m. | 6 views

CVE-2025-1426

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.1 | EPSS 0.00615
Exploits: 0

NVD
added 2025/02/17 3:15 a.m. | 9 views

CVE-2025-26700

Authentication bypass using an alternate path or channel issue exists in "RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where the application is installed to bypass the lock screen and obtain sensitive information...

CVSS 5.2 | EPSS 0.00244
Exploits: 0 | References: 2

Cvelist
added 2025/02/17 2:59 a.m. | 10 views

CVE-2025-26700

Authentication bypass using an alternate path or channel issue exists in "RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where the application is installed to bypass the lock screen and obtain sensitive information...

CVSS 5.2 | EPSS 0.00244
Exploits: 0 | References: 2

CNVD
added 2025/02/17 12:0 a.m. | 5 views

Google Android elevation of privilege vulnerability (CNVD-2025-05220)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to elevate privileges...

CVSS 8.4 | AI score 7.1 | EPSS 0.00086
Exploits: 0 | References: 1

CNVD
added 2025/02/17 12:0 a.m. | 7 views

Google Android elevation of privilege vulnerability (CNVD-2025-05218)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to elevate privileges...

CVSS 8.4 | AI score 7.1 | EPSS 0.00082
Exploits: 0 | References: 1

CNVD
added 2025/02/17 12:0 a.m. | 5 views

Google Android elevation of privilege vulnerability (CNVD-2025-05221)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to elevate privileges...

CVSS 8.4 | AI score 7.1 | EPSS 0.00089
Exploits: 0 | References: 1

The Hacker News
added 2025/02/15 10:26 a.m. | 18 views

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granti...

AI score 7
Exploits: 0