cbcvebase.

Google Android vulnerabilities

9,713 known vulnerabilities affecting google/android.

Total CVEs
9,713
CISA KEV
49
actively exploited
Public exploits
89
Exploited in wild
44
Severity breakdown
CRITICAL883HIGH5220MEDIUM3343LOW265UNKNOWN2

Vulnerabilities

Page 9 of 486
CVE-2026-20442MEDIUMCVSS 4.4v14.0v15.0+1 more2026-03-02
CVE-2026-20442 [MEDIUM] CWE-416 CVE-2026-20442: In display, there is a possible system crash due to use after free. This could lead to local denial In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723.
nvd
CVE-2025-48644MEDIUMCVSS 5.5v14.0v15.0+5 more2026-03-02
CVE-2025-48644 [MEDIUM] CWE-20 CVE-2025-48644: In multiple locations, there is a possible persistent denial of service due to improper input valida In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-20424MEDIUMCVSS 4.4v15.0v16.02026-03-02
CVE-2026-20424 [MEDIUM] CWE-125 CVE-2026-20424: In display, there is a possible out of bounds read due to a missing bounds check. This could lead to In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540.
nvd
CVE-2026-0015MEDIUMCVSS 6.2v14.0v15.0+5 more2026-03-02
CVE-2026-0015 [MEDIUM] CWE-20 CVE-2026-0015: In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-0024MEDIUMCVSS 4.0v14.0v15.0+5 more2026-03-02
CVE-2026-0024 [MEDIUM] CWE-862 CVE-2026-0024: In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reve In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-0014MEDIUMCVSS 6.2v14.0v15.0+5 more2026-03-02
CVE-2026-0014 [MEDIUM] CWE-20 CVE-2026-0014: In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-20429MEDIUMCVSS 4.4v14.0v15.0+1 more2026-03-02
CVE-2026-20429 [MEDIUM] CWE-125 CVE-2026-20429: In display, there is a possible out of bounds read due to a missing bounds check. This could lead to In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535.
nvd
CVE-2026-20428MEDIUMCVSS 6.7v14.0v15.0+1 more2026-03-02
CVE-2026-20428 [MEDIUM] CWE-787 CVE-2026-20428: In display, there is a possible out of bounds write due to a missing bounds check. This could lead t In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5536.
nvd
CVE-2026-20437MEDIUMCVSS 4.4v15.02026-03-02
CVE-2026-20437 [MEDIUM] CWE-416 CVE-2026-20437: In MAE, there is a possible system crash due to use after free. This could lead to local denial of s In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843.
nvd
CVE-2026-20435MEDIUMCVSS 4.6v14.0v15.0+1 more2026-03-02
CVE-2026-20435 [MEDIUM] CWE-522 CVE-2026-20435: In preloader, there is a possible read of device unique identifiers due to a logic error. This could In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.
nvd
CVE-2026-0106CRITICALCVSS 9.3vAndroid kernel2026-02-05
CVE-2026-0106 [CRITICAL] CWE-119 CVE-2026-0106: In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-20409HIGHCVSS 7.8v15.02026-02-02
CVE-2026-20409 [HIGH] CWE-787 CVE-2026-20409: In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.
nvd
CVE-2026-20412HIGHCVSS 7.8v13.0v14.0+2 more2026-02-02
CVE-2026-20412 [HIGH] CWE-787 CVE-2026-20412: In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.
nvd
CVE-2026-20411HIGHCVSS 7.8v13.0v14.0+2 more2026-02-02
CVE-2026-20411 [HIGH] CWE-416 CVE-2026-20411: In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.
nvd
CVE-2026-20417MEDIUMCVSS 5.3v15.0v16.02026-02-02
CVE-2026-20417 [MEDIUM] CWE-787 CVE-2026-20417: In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to l In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5154.
nvd
CVE-2026-20414MEDIUMCVSS 6.7v15.02026-02-02
CVE-2026-20414 [MEDIUM] CWE-416 CVE-2026-20414: In imgsys, there is a possible escalation of privilege due to use after free. This could lead to loc In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.
nvd
CVE-2026-20410MEDIUMCVSS 6.7v15.02026-02-02
CVE-2026-20410 [MEDIUM] CWE-787 CVE-2026-20410: In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760.
nvd
CVE-2026-20415MEDIUMCVSS 5.5v15.02026-02-02
CVE-2026-20415 [MEDIUM] CWE-415 CVE-2026-20415: In imgsys, there is a possible memory corruption due to improper locking. This could lead to local d In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617.
nvd
CVE-2026-20413MEDIUMCVSS 6.7v15.02026-02-02
CVE-2026-20413 [MEDIUM] CWE-1285 CVE-2026-20413: In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694.
nvd
CVE-2025-36911HIGHCVSS 7.1vAndroid kernel2026-01-15
CVE-2025-36911 [HIGH] CVE-2025-36911: In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to re In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
← Previous9 / 486Next →