Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

android

Source -

NVDADPCNA

CNA CVEs -

2

ADP CVEs -

425

CISA CVEs -

0

NVD CVEs -

9639
Related CVEsRelated VendorsRelated AssignersReports
9660Vulnerabilities found

CVE-2026-48295
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.17%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:33
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-48290
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-8.2||HIGH
EPSS-0.18% / 7.43%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:33
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)

CAI Content Credentials is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-48357
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.92%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:33
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-48296
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.96%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-48287
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.4||HIGH
EPSS-0.14% / 3.65%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Untrusted Search Path (CWE-426)

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-48312
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 5.42%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48351
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.99%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48302
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.96%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48354
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.92%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-48298
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.92%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-48352
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.99%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48353
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 5.04%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-15772
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.22% / 12.59%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:09
Updated-15 Jul, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-416
Use After Free
CVE-2026-15115
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-3.3||LOW
EPSS-0.09% / 0.52%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 22:36
Updated-09 Jul, 2026 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-15113
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.20% / 10.26%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 22:36
Updated-10 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-416
Use After Free
CVE-2026-58523
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 38.01%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 21:26
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Security Feature Bypass Vulnerability

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-284
Improper Access Control
CVE-2026-58300
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.34% / 25.92%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Information Disclosure Vulnerability

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-36
Absolute Path Traversal
CVE-2026-58297
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.31% / 22.91%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2026-58296
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.30% / 22.24%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2026-58522
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 24.38%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Information Disclosure Vulnerability

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-58299
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.76%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Remote Code Execution Vulnerability

Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-14428
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.26% / 17.35%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 22:21
Updated-03 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-14401
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.24% / 14.69%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 22:21
Updated-03 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-14141
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 10.27%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-06 Jul, 2026 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-14140
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 10.27%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-06 Jul, 2026 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-14134
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 8.84%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-06 Jul, 2026 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-14129
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.2||MEDIUM
EPSS-0.15% / 4.94%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-01 Jul, 2026 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in PreviewTab in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-14126
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 8.84%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-06 Jul, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-14114
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.18% / 7.57%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-06 Jul, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-14106
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.6||CRITICAL
EPSS-0.25% / 16.63%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-02 Jul, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-14096
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 13.66%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-01 Jul, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-14080
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 7.85%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-06 Jul, 2026 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in TabSwitcher in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via malicious network traffic. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-14064
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.07%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-06 Jul, 2026 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-416
Use After Free
CVE-2026-14046
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 7.88%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-01 Jul, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2026-14034
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 14.23%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-01 Jul, 2026 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-284
Improper Access Control
CVE-2026-14008
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.27%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-01 Jul, 2026 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized Use in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2026-13997
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.2||MEDIUM
EPSS-0.15% / 4.94%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-01 Jul, 2026 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-13995
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.84%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-06 Jul, 2026 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-13994
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 8.84%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-06 Jul, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-13987
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 8.84%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-06 Jul, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Mobile in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-13969
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.88%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-01 Jul, 2026 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized Use in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2026-13964
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.71%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-02 Jul, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-284
Improper Access Control
CVE-2026-13955
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.11% / 1.55%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-02 Jul, 2026 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-13954
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 20.79%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-01 Jul, 2026 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-284
Improper Access Control
CVE-2026-13949
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 14.81%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-02 Jul, 2026 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-284
Improper Access Control
CVE-2026-13943
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.77%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-02 Jul, 2026 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized Use in CSS in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2026-13941
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.84%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-02 Jul, 2026 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in SiteSettings in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-13939
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.1||LOW
EPSS-0.22% / 12.32%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-02 Jul, 2026 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-13927
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.12% / 2.21%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-02 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-13910
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.85%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-06 Jul, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-693
Protection Mechanism Failure
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 193
  • 194
  • Next