Lucene search
K

655 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:56 a.m.8 views

CVE-2019-2179

In NDEFMsgValidate of ndefutils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

5.5CVSS6.3AI score0.00449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:36 a.m.7 views

CVE-2012-4908

Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink...

7.5CVSS6.5AI score0.03348EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:44 a.m.8 views

CVE-2012-5180

The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application...

4.3CVSS6.3AI score0.00893EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2025/05/12 10:34 a.m.13 views

A week in security (May 4 – May 10)

Last week on Malwarebytes Labs: The AI chatbot cop squad is here Lock and Code S06E09 Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can! "Your privacy is a promise we don’t break": Dating app Raw exposes sensitive user data FBI issues warning as scammers target...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/09 9:44 a.m.18 views

CVE-2025-20975

Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege...

5.5CVSS6.8AI score0.0012EPSS
Exploits0References1
NCSC
NCSC
added 2025/05/07 11:19 a.m.60 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. The vulnerabilities are in the Keymaster trustlet, SmartManagerCN and FreeType, among others. The vulnerabilities allow a local attacker to run code on the device and execute code with SmartManagerCN privileges. Google reports receiving information tha...

9.1CVSS7.8AI score0.26049EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/05/07 8:24 a.m.6 views

CVE-2025-20968

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery...

7.2CVSS6.9AI score0.00267EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2025/05/06 1:9 p.m.19 views

Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can!

Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. The May updates...

8.1CVSS8.7AI score0.26049EPSS
Exploits1
Securelist
Securelist
added 2025/04/25 10:0 a.m.19 views

Triada strikes back

Introduction Older versions of Android contained various vulnerabilities that allowed gaining root access to the device. Many malicious programs exploited these to elevate their system privileges and gain persistence. The notorious Triada Trojan also used this attack vector. With time, the...

8.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.3 views

PT-2025-17307 · Element · Element

Name of the Vulnerable Software and Affected Versions: Element X Android versions prior to 25.04.2 Description: A crafted hyperlink on a webpage or a locally installed malicious app can force Element X to load a webpage with similar permissions to Element Call, automatically granting it temporary...

6.5CVSS6.4AI score0.00304EPSS
Exploits0References8
Malwarebytes
Malwarebytes
added 2025/04/14 7:23 a.m.15 views

A week in security (April 7 – April 13)

Last week on Malwarebytes Labs: The Pall Mall Pact and why it matters Child predators are lurking on dating apps, warns report Your 23andMe genetic data could be bought by China, senator warns WhatsApp for Windows vulnerable to attacks. Update now! Man accused of using keylogger to spy on...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/04/08 11:34 a.m.24 views

Google fixes two actively exploited zero-day vulnerabilities in Android

Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say "zero-day" we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published...

7.8CVSS7.5AI score0.03558EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2025/03/10 9:31 a.m.21 views

A week in security (March 3 – March 9)

Last week on Malwarebytes Labs: TikTok: Major investigation launched into platform’s use of children’s data PayPal scam abuses Docusign API to spread phishy emails Android zero-day vulnerabilities actively abused. Update as soon as you can I spoke to a task scammer. Here’s how it went Android...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/03/05 12:3 p.m.18 views

Android zero-day vulnerabilities actively abused. Update as soon as you can

Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, th...

7.8CVSS7.3AI score0.00809EPSS
Exploits0
Mozilla
Mozilla
added 2025/03/04 12:0 a.m.44 views

Security Vulnerabilities fixed in Firefox 136 — Mozilla

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could...

8.8CVSS7.3AI score0.00497EPSS
Exploits0References15Affected Software1
NCSC
NCSC
added 2025/02/04 9:13 a.m.12 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies, Unisoc and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. The vulnerabilities include...

9.8CVSS7.1AI score0.03301EPSS
Exploits3References2
NVD
NVD
added 2025/02/04 8:15 a.m.37 views

CVE-2025-20897

Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder...

6.8CVSS0.00148EPSS
Exploits0References1
CVE
CVE
added 2025/02/04 7:19 a.m.61 views

CVE-2025-20899

CVE-2025-20899 concerns an improper access control flaw in Samsung’s PushNotification component. Affected: PushNotification prior to 13.0.00.15 on Android 12, prior to 14.0.00.7 on Android 13, and prior to 15.1.00.5 on Android 14. The root cause is access-control weaknesses that could allow a loc...

4CVSS6.8AI score0.00143EPSS
Exploits0References1
NCSC
NCSC
added 2024/09/05 12:2 p.m.67 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...

8.4CVSS8.2AI score0.0301EPSS
Exploits0References2
NCSC
NCSC
added 2024/08/06 9:25 a.m.14 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or grant themselves elevated privileges on the device and thus execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful...

9.8CVSS7.8AI score0.02701EPSS
Exploits2References2
Rows per page
Query Builder