Export limit exceeded: 13795 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13795 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3542 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-05 | 8.8 High |
| Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-3543 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-05 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-3544 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-05 | 8.8 High |
| Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-3136 | 2 Google, Google Cloud | 2 Cloud Build, Cloud Build | 2026-03-05 | 9.8 Critical |
| An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed. | ||||
| CVE-2018-5383 | 4 Apple, Google, Redhat and 1 more | 5 Iphone Os, Mac Os X, Android and 2 more | 2026-03-05 | 6.8 Medium |
| Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. | ||||
| CVE-2026-22694 | 2 Aliasvault, Google | 2 Aliasvault, Android | 2026-03-05 | 6.1 Medium |
| AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a site it was not authorized to access. The issue involved incomplete validation of calling app identity, origin, and RP ID in the Android credential provider. This issue was fixed in AliasVault Android 0.25.3. | ||||
| CVE-2025-48545 | 1 Google | 1 Android | 2026-03-04 | 7.1 High |
| In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-3223 | 1 Google | 1 Web Designer | 2026-03-04 | N/A |
| Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer. | ||||
| CVE-2026-0008 | 1 Google | 1 Android | 2026-03-03 | 8.4 High |
| In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29741 | 1 Google | 1 Android | 2026-02-28 | 7.8 High |
| In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-13876 | 2 Google, Rareprob | 3 Android, Hd Video Player All Formats, Hd Video Player All Formats App | 2026-02-26 | 5.3 Medium |
| A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-1669 | 2 Google, Keras | 2 Keras, Keras | 2026-02-26 | 7.5 High |
| Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references. | ||||
| CVE-2024-27218 | 1 Google | 1 Android | 2026-02-26 | 6.2 Medium |
| In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-32902 | 1 Google | 1 Android | 2026-02-26 | 7.5 High |
| Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet) | ||||
| CVE-2024-20079 | 2 Google, Mediatek | 30 Android, Mt6761, Mt6765 and 27 more | 2026-02-26 | 9.8 Critical |
| In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491. | ||||
| CVE-2025-8882 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-53627 | 2 Google, Meshtastic | 3 Android, Firmware, Meshtastic Firmware | 2026-02-26 | 5.3 Medium |
| Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an intentional decision to maintain backwards compatibility. However, the end-user applications, like Web app, iOS/Android app, and applications built on top of Meshtastic using the SDK, did not have a way to differentiate between end-to-end encrypted DMs and the legacy DMs. This creates a downgrade attack path where adversaries who know a shared channel key can craft and inject spoofed direct messages that are displayed as if they were PKC encrypted. Users are not given any feedback of whether a direct message was decrypted with PKI or with legacy symmetric encryption, undermining the expected security guarantees of the PKI rollout. Version 2.7.15 fixes this issue. | ||||
| CVE-2025-20645 | 2 Google, Mediatek | 15 Android, Mt6765, Mt6768 and 12 more | 2026-02-26 | 7.8 High |
| In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599. | ||||
| CVE-2025-20650 | 5 Google, Linuxfoundation, Mediatek and 2 more | 25 Android, Yocto, Mt2737 and 22 more | 2026-02-26 | 6.8 Medium |
| In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061. | ||||
| CVE-2025-1914 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||