Google Android vulnerabilities
7,234 known vulnerabilities affecting google/android.
Total CVEs
7,234
CISA KEV
18
actively exploited
Public exploits
48
Exploited in wild
18
Severity breakdown
CRITICAL544HIGH2984MEDIUM3458LOW248
Vulnerabilities
Page 5 of 362
CVE-2025-48642MEDIUMCVSS 5.5v14.0v15.0+5 more2026-03-02
CVE-2025-48642 [MEDIUM] CWE-200 CVE-2025-48642: In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in
In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2026-0024MEDIUMCVSS 4.0v14.0v15.0+5 more2026-03-02
CVE-2026-0024 [MEDIUM] CWE-862 CVE-2026-0024: In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reve
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2025-48585MEDIUMCVSS 6.2v16.0v162026-03-02
CVE-2025-48585 [MEDIUM] CWE-20 CVE-2025-48585: In multiple functions of ProfilingService.java, there is a possible persistent denial of service due
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2026-20439MEDIUMCVSS 4.4v15.02026-03-02
CVE-2026-20439 [MEDIUM] CWE-416 CVE-2026-20439: In imgsys, there is a possible system crash due to use after free. This could lead to local denial o
In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826.
nvd
CVE-2026-20443MEDIUMCVSS 6.7v14.0v15.0+1 more2026-03-02
CVE-2026-20443 [MEDIUM] CWE-416 CVE-2026-20443: In display, there is a possible memory corruption due to use after free. This could lead to local es
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722.
nvd
CVE-2025-48644MEDIUMCVSS 5.5v14.0v15.0+5 more2026-03-02
CVE-2025-48644 [MEDIUM] CWE-20 CVE-2025-48644: In multiple locations, there is a possible persistent denial of service due to improper input valida
In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2026-20445MEDIUMCVSS 4.4v14.0v15.0+1 more2026-03-02
CVE-2026-20445 [MEDIUM] CWE-367 CVE-2026-20445: In MDDP, there is a possible system crash due to a race condition. This could lead to local denial o
In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184.
nvd
CVE-2026-20427MEDIUMCVSS 6.7v14.0v15.0+1 more2026-03-02
CVE-2026-20427 [MEDIUM] CWE-787 CVE-2026-20427: In display, there is a possible escalation of privilege due to a missing bounds check. This could le
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537.
nvd
CVE-2026-20444MEDIUMCVSS 6.7v14.0v15.0+1 more2026-03-02
CVE-2026-20444 [MEDIUM] CWE-787 CVE-2026-20444: In display, there is a possible memory corruption due to a missing bounds check. This could lead to
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.
nvd
CVE-2025-48587MEDIUMCVSS 6.2v16.0v162026-03-02
CVE-2025-48587 [MEDIUM] CWE-20 CVE-2025-48587: In multiple functions of ProfilingService.java, there is a possible persistent denial of service due
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2024-43766MEDIUMCVSS 6.5v14.0v15.0+4 more2026-03-02
CVE-2024-43766 [MEDIUM] CWE-319 CVE-2024-43766: In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invali
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2026-20440MEDIUMCVSS 6.7v15.02026-03-02
CVE-2026-20440 [MEDIUM] CWE-1285 CVE-2026-20440: In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to lo
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824.
nvd
CVE-2026-0015MEDIUMCVSS 6.2v14.0v15.0+5 more2026-03-02
CVE-2026-0015 [MEDIUM] CWE-20 CVE-2026-0015: In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to
In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2026-20438MEDIUMCVSS 6.4v15.02026-03-02
CVE-2026-20438 [MEDIUM] CWE-367 CVE-2026-20438: In MAE, there is a possible out of bounds write due to a race condition. This could lead to local es
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.
nvd
CVE-2026-20441MEDIUMCVSS 6.7v15.02026-03-02
CVE-2026-20441 [MEDIUM] CWE-787 CVE-2026-20441: In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to lo
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803.
nvd
CVE-2026-20426MEDIUMCVSS 6.7v14.0v15.0+1 more2026-03-02
CVE-2026-20426 [MEDIUM] CWE-787 CVE-2026-20426: In display, there is a possible out of bounds write due to a missing bounds check. This could lead t
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538.
nvd
CVE-2026-20442MEDIUMCVSS 4.4v14.0v15.0+1 more2026-03-02
CVE-2026-20442 [MEDIUM] CWE-416 CVE-2026-20442: In display, there is a possible system crash due to use after free. This could lead to local denial
In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723.
nvd
CVE-2026-20424MEDIUMCVSS 4.4v15.0v16.02026-03-02
CVE-2026-20424 [MEDIUM] CWE-125 CVE-2026-20424: In display, there is a possible out of bounds read due to a missing bounds check. This could lead to
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540.
nvd
CVE-2026-0014MEDIUMCVSS 6.2v14.0v15.0+5 more2026-03-02
CVE-2026-0014 [MEDIUM] CWE-20 CVE-2026-0014: In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2026-20429MEDIUMCVSS 4.4v14.0v15.0+1 more2026-03-02
CVE-2026-20429 [MEDIUM] CWE-125 CVE-2026-20429: In display, there is a possible out of bounds read due to a missing bounds check. This could lead to
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535.
nvd