Vulnerabilities in Google

5,229 results
Vexday analysis

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2025-36927HIGHIn GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to lEPSS 0.1%CVE-2023-21376MEDIUMIn Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosurEPSS 0.1%CVE-2025-36932HIGHIn tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validatiEPSS 0.1%CVE-2025-48644MEDIUMIn multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial ofEPSS 0.1%CVE-2024-29755MEDIUMIn tmu_get_pi of tmu.c, there is a possible out of bounds read due to improper input validation. This could lead to local information discloEPSS 0.1%CVE-2025-48620HIGHIn onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to pEPSS 0.1%CVE-2025-22409HIGHIn rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to localEPSS 0.1%CVE-2024-27225MEDIUMIn sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local informEPSS 0.1%CVE-2018-9407MEDIUMIn emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information DisclosEPSS 0.1%CVE-2024-29747MEDIUMIn _dvfs_get_lv of dvfs.c, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosuEPSS 0.1%CVE-2025-22427HIGHIn onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due tEPSS 0.1%CVE-2025-32324HIGHIn onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead toEPSS 0.1%CVE-2023-21308In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no EPSS 0.1%CVE-2025-48528MEDIUMIn multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalationEPSS 0.1%CVE-2023-21319In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead tEPSS 0.1%CVE-2023-21307In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissiEPSS 0.1%CVE-2025-22437HIGHIn setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in EPSS 0.1%CVE-2025-48636HIGHIn openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. ThEPSS 0.1%CVE-2023-21327In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel infoEPSS 0.1%CVE-2023-21316In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disEPSS 0.1%