CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5902

CVE-2026-5902 affects Chromium/Chrome on Android prior to 147.0.7727.55, where a race in media handling could be exploited by a compromised renderer to corrupt media stream metadata via a crafted HTML page. The documented impact in the connected sources centers on this race condition in the media...

CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

Android Logs Events And Protobuf Parser 路径遍历漏洞

Android Logs Events And Protobuf Parser is a tool developed by Brigs’ personal developer for parsing Android logs and protocol buffers. Versions of Android Logs Events And Protobuf Parser 3.4.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the NQVault.py...

CVE-2025-48651

In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-5682

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVE-2026-35394

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

EUVD-2025-209278

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws://

Summary Before OpenClaw 2026.4.2, Android accepted non-loopback cleartext ws:// gateway endpoints and would send stored gateway credentials over that connection. Discovery beacons or setup codes could therefore steer the client onto a cleartext remote endpoint. Impact A user who followed a forged...

CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome for Android prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from incorrect Omnibox security UI behavior, which could allow remote attackers to manipulate the address bar content...

CVE-2025-69515

The CVE-2025-69515 entry relates to JXL’s 9 Inch Car Android Double Din Player (Android v12.0). It describes a flaw that lets attackers force the infotainment system to accept falsified GPS signals as legitimate, causing incorrect or static location reporting. Affected component: GPS/location han...

PT-2026-30982

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

Google Chrome 竞争条件问题漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome for Android prior to 147.0.7727.55 contained a competitive condition vulnerability, which was caused by Media-related competitive conditions. This vulnerability could allow remote attackers to...

Pixel Update Bulletin—April 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2026-04-01 or later address all issues in this bulletin and all issues in the April 2026 Android Securi...

EUVD-2026-19482

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...