
CVE-2025-6556 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6556
24 Jun 2025 — Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2025-6555 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6555
24 Jun 2025 — Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •

CVE-2025-27361 – WordPress Photo Express for Google plugin <= 0.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-27361
23 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google allows Reflected XSS. This issue affects Photo Express for Google: from n/a through 0.3.2. The Photo Express for Google plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in p... • https://patchstack.com/database/wordpress/plugin/photo-express-for-google/vulnerability/wordpress-photo-express-for-google-plugin-0-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-5981 – Arbitrary File write in OSV-SCALIBR
https://notcve.org/view.php?id=CVE-2025-5981
18 Jun 2025 — Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images, particularly when using the CLI flag --remote-image on untrusted container images. • https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-6191 – Debian Security Advisory 5944-1
https://notcve.org/view.php?id=CVE-2025-6191
18 Jun 2025 — Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.119-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html • CWE-190: Integer Overflow or Wraparound • CWE-472: External Control of Assumed-Immutable Web Parameter •

CVE-2025-6192 – Debian Security Advisory 5944-1
https://notcve.org/view.php?id=CVE-2025-6192
18 Jun 2025 — Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.119-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html • CWE-416: Use After Free •

CVE-2025-4613 – Client side RCE in Google Web Designer App
https://notcve.org/view.php?id=CVE-2025-4613
12 Jun 2025 — Path traversal in Google Web Designer's template handling in versions prior to 16.3.0.0407 on Windows allows an attacker to achieve remote code execution by tricking users into downloading a malicious ad template. • https://balintmagyar.com/articles/google-web-designer-path-traversal-client-side-rce-cve-2025-4613 • CWE-20: Improper Input Validation •

CVE-2025-5958 – Debian Security Advisory 5942-1
https://notcve.org/view.php?id=CVE-2025-5958
11 Jun 2025 — Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.103-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •

CVE-2025-5959 – Debian Security Advisory 5942-1
https://notcve.org/view.php?id=CVE-2025-5959
11 Jun 2025 — Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.103-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2025-26590 – WordPress Complete Google Seo Scan <= 3.5.1 - SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-26590
05 Jun 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan allows SQL Injection. This issue affects Complete Google Seo Scan: from n/a through 3.5.1. The Complete Google Seo Scan plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attack... • https://patchstack.com/database/wordpress/plugin/complete-google-seo-scan/vulnerability/wordpress-complete-google-seo-scan-3-5-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •