CVE-2019-2152

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118145923...

CVE-2019-2167

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118615501...

CVE-2025-62224 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

...

CVE-2019-16248

The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image analogous to supported...

CVE-2025-14809

ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...

CVE-2025-14809 Address bar spoofing risk in ArcSearch on Android

ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...

CVE-2025-14809 Address bar spoofing risk in ArcSearch on Android

ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...

CVE-2025-14019

LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks...

CVE-2025-14020

LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct phishing attacks by...

CVE-2025-14698

A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path traversal. The attack needs to be launched locally. The exploit has been made available ...

CVE-2025-14698

CVE-2025-14698 affects atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. The issue is in the component gallery.photogallery.pictures.vault.album, where a path traversal vulnerability is exploitable via a local attack. Public PoC/exploit details exist, and multiple sources (Red Hat, NVD, CVE...

EUVD-2025-203320

A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path traversal. The attack needs to be launched locally. The exploit has been made available ...

CVE-2025-32901

A flaw was found in KDE Connect. This vulnerability allows an application crash via malicious device IDs sent via broadcast UDP User Datagram Protocol. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

CVE-2025-14617

CVE-2025-14617 affects Jehovah’s Witnesses JW Library App up to version 15.5.1 on Android. Affected is an unknown function in component org.jw.jwlibrary.mobile.activity.SiloContainer, leading to a path traversal vulnerability. Local access is required. The exploit has been disclosed publicly. CVS...

CVE-2025-14617 Jehovahs Witnesses JW Library App org.jw.jwlibrary.mobile.activity.SiloContainer path traversal

A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Such manipulation leads to path traversal. Local access is required to approach this attack. The exploit ha...

CVE-2025-14373

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-14373

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

Exploit for CVE-2025-36924

CVE-2025-36924 Android Privilege Escalation Exploit Discla...

A look at an Android ITW DNG exploit

Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images show...

Google Android Input Validation Malpractice Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an improper input validation vulnerability that can be exploited by an attacker to cause a local elevation of privilege...