cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2018-9464,https://securityvulnerability.io/vulnerability/CVE-2018-9464,Privilege Escalation Vulnerability in Android Products by Google,"This vulnerability allows unauthorized access to protected files within multiple locations on Android devices, stemming from inadequate permission checks. Exploiting this weakness permits local escalation of privileges without requiring any additional execution rights. Notably, user interaction is unnecessary for the attack to be successful, emphasizing the risk associated with this flaw.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-18T00:15:00.000Z,0
CVE-2018-9461,https://securityvulnerability.io/vulnerability/CVE-2018-9461,Local Privilege Escalation Flaw in Android Messaging App by Google,"A vulnerability exists in the ShareIntentActivity of the Android Messaging App, which may allow an attacker to read files through a race condition. This issue enables local escalation of privileges without requiring additional execution permissions or user interaction, thereby potentially compromising sensitive user data.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-18T00:15:00.000Z,0
CVE-2018-9406,https://securityvulnerability.io/vulnerability/CVE-2018-9406,Local Resource Exposure in NlpService Affecting Android Products,"The NlpService in certain Android versions contains a vulnerability that allows an attacker to exploit a missing permission check, potentially revealing sensitive location information. This could enable local escalation of privileges without requiring additional permissions or user interaction, posing a risk to user privacy and system integrity.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-18T00:15:00.000Z,0
CVE-2018-9405,https://securityvulnerability.io/vulnerability/CVE-2018-9405,Out of Bounds Write Vulnerability in Android System Agent,"In the BnDmAgent::onTransact function within dm_agent.cpp, an out of bounds write occurs due to a missing bounds check. This vulnerability enables a local attacker to escalate privileges to System execution privileges without requiring user interaction, potentially compromising the security of the affected Android system.",Google,Android System,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-18T00:15:00.000Z,0
CVE-2018-9401,https://securityvulnerability.io/vulnerability/CVE-2018-9401,Kernel Memory Access Vulnerability in Android by Google,"A vulnerability exists in several versions of Android that allows potential access to kernel memory from user space due to an incorrect bounds check. This oversight could be exploited to achieve local privilege escalation without requiring additional execution permissions, making it a significant security risk. User interaction is not necessary for this vulnerability to be exploited, which increases the likelihood of its impact on affected systems.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-18T00:15:00.000Z,0
CVE-2018-9389,https://securityvulnerability.io/vulnerability/CVE-2018-9389,Heap Buffer Overflow in IP6 Output Component of Android Operating System,"A vulnerability exists in the IP6 output system of the Android operating system due to a heap buffer overflow within the ip6_append_data function. This flaw could potentially allow an attacker to execute arbitrary code, leading to local privilege escalation without requiring any additional execution privileges or user interaction. Effective measures should be implemented to mitigate the risks associated with this vulnerability to protect against unauthorized system access.",Google,Android Operating System,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-18T00:15:00.000Z,0
CVE-2018-9387,https://securityvulnerability.io/vulnerability/CVE-2018-9387,Heap Overflow Vulnerability in Android's mnh-sm.c Component,"A vulnerability exists within multiple functions of the mnh-sm.c component of Android, where an integer overflow can lead to a heap overflow condition. This flaw can potentially allow an attacker to escalate privileges locally without requiring additional execution privileges. Notably, user interaction is not necessary for the exploitation of this vulnerability, making it particularly concerning for system security.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-18T00:15:00.000Z,0
CVE-2018-9447,https://securityvulnerability.io/vulnerability/CVE-2018-9447,Local Denial of Service Vulnerability in Android Emergency Callback Mode by Google,"The vulnerability in Android's Emergency Callback Mode allows for a local denial of service due to a missing null check in the EmergencyCallbackModeExitDialog.java component. This flaw could potentially lead to crashes without requiring any execution privileges or user interaction, posing a risk to system stability.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-17T23:15:00.000Z,0
CVE-2018-9434,https://securityvulnerability.io/vulnerability/CVE-2018-9434,Address Space Layout Randomization Bypass in Android Products by Google,"A vulnerability within the Parcel.cpp functions of Android could allow an attacker to bypass address space layout randomization (ASLR). This weakness may enable local escalation of privileges without the need for additional execution privileges or user interaction. This could potentially result in unauthorized access to sensitive system resources by manipulating the memory layout, posing a significant risk to the integrity of Android devices.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-17T23:15:00.000Z,0
CVE-2018-9384,https://securityvulnerability.io/vulnerability/CVE-2018-9384,KASLR Bypass Vulnerability in Android Devices by Google,"This vulnerability allows for a potential bypass of Kernel Address Space Layout Randomization (KASLR) in certain Android versions. Due to an unusual root cause, attackers may exploit this vulnerability to disclose sensitive information locally. The exploitation does not require user interaction, and the vulnerability could lead to unauthorized access to system resources, making it critical for users to update their devices to the latest security patches provided by Google.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-17T23:15:00.000Z,0
CVE-2018-9383,https://securityvulnerability.io/vulnerability/CVE-2018-9383,Out of Bounds Read Vulnerability in Google Android Products,"The vulnerability in asn1_ber_decoder within asn1_decoder.c poses a risk of potential out of bounds read. This can result in local information disclosure, requiring system execution privileges for exploitation. No user interaction is necessary for an attacker to exploit this vulnerability, making it particularly concerning for affected Android OS versions.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-17T23:15:00.000Z,0
CVE-2018-9382,https://securityvulnerability.io/vulnerability/CVE-2018-9382,Local Privilege Escalation in Wi-Fi Hotspot Functionality in Android by Google,"A vulnerability exists in the Wi-Fi hotspot functionality of Android, specifically within multiple functions of WifiServiceImpl.java. This issue arises from a missing permission check which allows non-owner profiles to activate the Wi-Fi hotspot. As a result, this could potentially lead to local privilege escalation without any additional execution privileges or user interaction needed for exploitation. This flaw poses a serious security risk, enabling unauthorized access to network services.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-17T23:15:00.000Z,0
CVE-2018-9379,https://securityvulnerability.io/vulnerability/CVE-2018-9379,Local Information Disclosure in Android Pixel Devices,"This vulnerability arises from a flaw in multiple functions of MiniThumbFile.java within Android Pixel devices, allowing unauthorized access to the thumbnails of deleted photos. This can lead to local information disclosure, as the issue stems from a confused deputy problem, which does not require any additional execution privileges or user interaction for exploitation.",Google,Android Pixel Devices,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-17T23:15:00.000Z,0
CVE-2018-9375,https://securityvulnerability.io/vulnerability/CVE-2018-9375,Local Privilege Escalation in Android User Dictionary by Google,"A vulnerability exists in the UserDictionaryProvider.java where multiple functions may allow a malicious application to manipulate the user dictionary. This flaw enables the addition and deletion of words without the necessary execution privileges, which can lead to unauthorized escalation of privileges. Notably, user interaction is not required for successful exploitation, increasing the risk of attack on affected devices.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-17T23:15:00.000Z,0
CVE-2017-13322,https://securityvulnerability.io/vulnerability/CVE-2017-13322,Logic Error in PhoneInterfaceManager Causes Emergency Services Access Issues,"A vulnerability in the PhoneInterfaceManager component of the Android operating system allows for a logic error that potentially prevents users from accessing emergency services. This local denial of service arises from the flawed handling of the endCallForSubscriber function within the PhoneInterfaceManager.java file. Exploitation does not require elevated privileges or user interaction, making it a concerning issue for affected devices. Proper remediation and updates are essential to restore normal functionality for users needing emergency assistance.",Google,Android,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-17T23:15:00.000Z,0
CVE-2025-0448,https://securityvulnerability.io/vulnerability/CVE-2025-0448,UI Spoofing Vulnerability in Google Chrome,"A vulnerability in Google Chrome prior to version 132.0.6834.83 allows remote attackers to manipulate user interface elements via specially crafted HTML pages. This exploitation can mislead users by creating false representations of legitimate content, potentially leading to unauthorized actions or data leakage. Awareness of this vulnerability is critical for maintaining secure browsing experiences.",Google,Chrome,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:58:54.689Z,0
CVE-2025-0447,https://securityvulnerability.io/vulnerability/CVE-2025-0447,Privilege Escalation Vulnerability in Google Chrome,"A vulnerability exists in Google Chrome that allows remote attackers to escalate privileges through a specially crafted HTML page. This issue is present in versions prior to 132.0.6834.83, highlighting the risks associated with unpatched software. Users are advised to update their browsers to mitigate potential threats and enhance their security posture.",Google,Chrome,8.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:58:54.496Z,0
CVE-2025-0446,https://securityvulnerability.io/vulnerability/CVE-2025-0446,UI Spoofing Vulnerability in Google Chrome Extensions,"A vulnerability exists in Google Chrome Extensions that allows a remote attacker to manipulate UI elements when a user performs specific gestures. This issue arises from an inappropriate implementation in the Extensions framework prior to version 132.0.6834.83. When a user is misled into interacting with a malicious Chrome Extension, it can result in UI spoofing, potentially tricking the user into performing actions that could compromise their security.",Google,Chrome,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:58:54.310Z,0
CVE-2025-0443,https://securityvulnerability.io/vulnerability/CVE-2025-0443,Data Validation Flaw in Google Chrome Extensions,"A vulnerability in Google Chrome prior to version 132.0.6834.83 arises from insufficient data validation in its Extensions. This flaw allows a remote attacker to exploit specific user interface gestures and perform privilege escalation by using a crafted HTML page. Users are at risk if they are persuaded to interact with malicious content, leading to elevated permissions without their consent.",Google,Chrome,8.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:58:54.090Z,0
CVE-2025-0442,https://securityvulnerability.io/vulnerability/CVE-2025-0442,UI Spoofing Vulnerability in Google Chrome Payment System,"An inappropriate implementation in the Payments feature of Google Chrome prior to version 132.0.6834.83 enables remote attackers to exploit UI spoofing. This can occur by convincing users to interact with specific user interface gestures on a specially crafted HTML page, potentially leading to manipulation of user actions and exposure to malicious intents. Users are advised to update to the latest version to mitigate this risk.",Google,Chrome,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:58:53.903Z,0
CVE-2025-0441,https://securityvulnerability.io/vulnerability/CVE-2025-0441,Improper Handling of Fenced Frames in Google Chrome by Google,"The vulnerability involves an inappropriate implementation in the Fenced Frames feature of Google Chrome, which affects versions prior to 132.0.6834.83. This flaw could allow remote attackers to exploit crafted HTML pages to access potentially sensitive information from a user’s system. The issue raises security concerns regarding the handling of isolated browsing contexts, highlighting the need for users to keep their browsers updated to ensure protection against such vulnerabilities.",Google,Chrome,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:58:53.709Z,0
CVE-2025-0440,https://securityvulnerability.io/vulnerability/CVE-2025-0440,UI Spoofing Vulnerability in Google Chrome on Windows,"A vulnerability in Google Chrome for Windows prior to version 132.0.6834.83 allows remote attackers to deceive users through UI spoofing via a crafted HTML page. This can lead to users being misled into inputting sensitive information, thus compromising security and privacy. The inappropriate implementation of the Fullscreen feature is the root cause of this issue, making users susceptible to potential phishing attacks.",Google,Chrome,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:58:53.511Z,0
CVE-2025-0439,https://securityvulnerability.io/vulnerability/CVE-2025-0439,UI Spoofing Vulnerability in Google Chrome Affects Multiple Versions,"A race condition in Google Chrome versions prior to 132.0.6834.83 creates a potential security risk allowing remote attackers to manipulate user interface elements. By convincing users to perform specific gestures while interacting with a crafted HTML page, attackers can achieve UI spoofing, which could lead to misleading information being displayed to users.",Google,Chrome,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:58:53.334Z,0
CVE-2025-0438,https://securityvulnerability.io/vulnerability/CVE-2025-0438,Stack Buffer Overflow Vulnerability in Google Chrome,"A stack buffer overflow vulnerability has been identified in Google Chrome's tracing feature, which affects versions prior to 132.0.6834.83. This vulnerability can be exploited by a remote attacker through a specially crafted HTML page, potentially leading to stack corruption and unauthorized access. Users are advised to update their Chrome browser to ensure protection against this vulnerability and maintain their online security. For more detailed information, check the official Chrome releases blog and related discussions.",Google,Chrome,8.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:58:52.981Z,0
CVE-2025-0437,https://securityvulnerability.io/vulnerability/CVE-2025-0437,Out of Bounds Read Vulnerability in Google Chrome,"An out of bounds read vulnerability exists in Google Chrome versions prior to 132.0.6834.83, enabling remote attackers to potentially exploit heap corruption through specially crafted HTML pages. This could lead to various security issues, making it essential for users to keep their browsers updated and to exercise caution when browsing untrusted sites.",Google,Chrome,8.8,HIGH,0.0006099999882280827,false,false,false,false,false,false,false,2025-01-15T10:58:52.779Z,0