CVE-2026-54318

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries

Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal install...

CVE-2026-21768

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

CVE-2026-21768

CVE-2026-21768 affects the compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android. The vulnerability arises from improper validation of HTML input in the rich text editor, enabling execution of malicious content in certain scenarios. According to NVD, CVSSv3.1 base score is 6.3 (...

CVE-2026-21768 HCL Verse for Android is susceptible to an injection vulnerability

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

EUVD-2026-38035

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the context of dm-verity-target.c, there is a potential way to modify read-only files due to a missing permission check. This could lead to a local escalation of privileges, as System execution privileges are required. User interaction is not necessary for exploiting this vulnerability. Produc...

Astra Linux – Vulnerability in Firefox

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object’s debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In emulationprochandler of armv8deprecated.c, there is a potential way to corrupt memory due to a race condition. This could lead to a local escalation of privileges without the need for additional execution privileges. User interaction is not required for exploitation. Product: Android. Versions...

CVE-2026-12469

A flaw was found in the GPU component of Google Chrome on Android. This uninitialized use vulnerability could be exploited by a remote attacker. By enticing a user to visit a specially crafted HTML page, an attacker could cause the leakage of sensitive cross-origin data...

EUVD-2026-37857

In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-28573

CVE-2026-28573 affects Android Wear OS via a Framework component vulnerability described as a local denial of service in AndroidManifest.xml due to a missing permission check. The CVE is characterized as high severity with a CVSSv4 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:I:H/CI:H/AI:H; impacts ...

CVE-2026-28573

In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

SUSE CVE-2026-12438

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-12442

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-12448

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-12452

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-12469

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

EUVD-2026-37519

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

EUVD-2026-37533

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: High...