
CVE-2025-9132 – Debian Security Advisory 5981-1
https://notcve.org/view.php?id=CVE-2025-9132
20 Aug 2025 — Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), this problem has been fixed in version 139.0.7258.138-1~deb12u1. For the stable distribution (trixie), this problem has been fixed ... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_19.html •

CVE-2025-54730 – WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-54730
14 Aug 2025 — Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through 1.7.3. The Embedder for Google Reviews plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/embedder-for-google-reviews/vulnerability/wordpress-embedder-for-google-reviews-plugin-plugin-1-7-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2025-8882 – Debian Security Advisory 5976-1
https://notcve.org/view.php?id=CVE-2025-8882
13 Aug 2025 — Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 139.0.7258.127-1~deb12u1. For the st... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html • CWE-416: Use After Free •

CVE-2025-8881 – Debian Security Advisory 5976-1
https://notcve.org/view.php?id=CVE-2025-8881
13 Aug 2025 — Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 139.0.7258.127-1~deb12u1. Fo... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html • CWE-303: Incorrect Implementation of Authentication Algorithm • CWE-346: Origin Validation Error •

CVE-2025-8901 – Debian Security Advisory 5976-1
https://notcve.org/view.php?id=CVE-2025-8901
13 Aug 2025 — Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 139.0.7258.127-1~deb12u1. For the stable distribution (trixie), these problems have bee... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html • CWE-787: Out-of-bounds Write •

CVE-2025-8880 – Debian Security Advisory 5976-1
https://notcve.org/view.php?id=CVE-2025-8880
13 Aug 2025 — Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 139.0.7258.127-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in ver... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2025-8879 – Debian Security Advisory 5976-1
https://notcve.org/view.php?id=CVE-2025-8879
13 Aug 2025 — Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 139.0.7258.127-1~deb12u1. For the stable distribution (trixie), these problems ... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-8747 – Keras safe_mode bypass allows arbitrary code execution when loading a malicious model.
https://notcve.org/view.php?id=CVE-2025-8747
11 Aug 2025 — A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive. • https://github.com/keras-team/keras/pull/21429 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-8576 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8576
07 Aug 2025 — Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) An update that fixes 9 vulnerabilities is now available. Chromium was up... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2025-8577 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8577
07 Aug 2025 — Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •