235 matches found
Android Security Bulletin—May 2026
This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-05-01 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...
CVE-2026-35374
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...
Google Chrome FileSystem Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome FileSystem component, which can be exploited by an attacker to leverage object corruption via specially crafted HTML pages...
EUVD-2026-22617
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network...
firefox: thunderbird: Privilege escalation in the Messaging System component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Messaging System component...
Android Security Bulletin—March 2026
This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Source code patches...
CVE-2026-2777
CVE-2026-2777 is a privilege-escalation issue in the Messaging System component affecting Firefox < 148, Firefox ESR < 115.33, and Firefox ESR
CVE-2026-2777 Privilege escalation in the Messaging System component
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2025-4960 macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s...
CVE-2025-4960
CVE-2025-4960 affects macOS via the EPSON printer driver installer’s com.epson.InstallNavi.helper, which exposes privileged functionality due to improper authorization handling and weak client authentication over XPC. The API flow uses overly permissive custom rights registered in /var/db/auth.db...
CVE-2026-0881
Sandbox escape in the Messaging System component. This vulnerability affects Firefox 147 and Thunderbird 147...
Exploit for CVE-2025-48593
🚨 CVE-2025-48593 Zero-Click Remote Code Execution in Android...
EUVD-2025-26892
Malicious code in bioql PyPI...
CVE-2025-26439
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way for a malicious TalkBack service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2025-26439
CVE-2025-26439 describes a logic error in getComponentName of AccessibilitySettingsUtils.java that can allow a malicious TalkBack service to be enabled in place of the system component. This enables local privilege escalation with no additional privileges or user interaction needed (AV:L/AC:L/PR:...