CVSS: 7.5EPSS: 30%CPEs: 2EXPL: 0NotCVE-2025-0004 – Symlink Race in Go os.RemoveAll Allows Privileged File Deletion
https://notcve.org/view.php?id=NotCVE-2025-0004
30 Jun 2025 — The Go standard library function os.RemoveAll prior to Go 1.21.11 and 1.22.4 performs recursive directory deletion in a manner susceptible to a time-of-check/time-of-use (TOCTOU) race. An attacker able to swap the target directory with a symbolic link during deletion may redirect the traversal to unintended filesystem locations, allowing deletion of arbitrary files or directories. This behavior impacts any Go programs that perform recursive deletes on user-controlled paths without additional safeguards. Al... • https://github.com/kubernetes/kubernetes/issues/132267 • CWE-363: Race Condition Enabling Link Following •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6557 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6557
24 Jun 2025 — Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6556 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6556
24 Jun 2025 — Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6555 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6555
24 Jun 2025 — Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6192
https://notcve.org/view.php?id=CVE-2025-6192
18 Jun 2025 — Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6191
https://notcve.org/view.php?id=CVE-2025-6191
18 Jun 2025 — Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html • CWE-190: Integer Overflow or Wraparound CWE-472: External Control of Assumed-Immutable Web Parameter •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5981 – Arbitrary File write in OSV-SCALIBR
https://notcve.org/view.php?id=CVE-2025-5981
18 Jun 2025 — Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images. Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images. • https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4613 – Client side RCE in Google Web Designer App
https://notcve.org/view.php?id=CVE-2025-4613
12 Jun 2025 — Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template • https://balintmagyar.com/articles/google-web-designer-path-traversal-client-side-rce-cve-2025-4613 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5959
https://notcve.org/view.php?id=CVE-2025-5959
11 Jun 2025 — Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5958
https://notcve.org/view.php?id=CVE-2025-5958
11 Jun 2025 — Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •