
CVE-2025-5064
https://notcve.org/view.php?id=CVE-2025-5064
27 May 2025 — Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-5280
https://notcve.org/view.php?id=CVE-2025-5280
27 May 2025 — Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-787: Out-of-bounds Write

CVE-2025-5063
https://notcve.org/view.php?id=CVE-2025-5063
27 May 2025 — Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-416: Use After Free

CVE-2025-27701
https://notcve.org/view.php?id=CVE-2025-27701
27 May 2025 — In the function process_crypto_cmd, the values of ptrs[i] can potentially be equal to NULL, which is a valid value after calling slice_map_array(). Later these values will be dereferenced without a prior NULL check, which can lead to local temporary DoS or OOB read, leading to information disclosure. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-476: NULL Pointer Dereference

CVE-2025-27700
https://notcve.org/view.php?id=CVE-2025-27700
27 May 2025 — There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-693: Protection Mechanism Failure

CVE-2024-56193
https://notcve.org/view.php?id=CVE-2024-56193
27 May 2025 — There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-48233 – WordPress Affiliates Manager Google reCAPTCHA Integration plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-48233
19 May 2025 — Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration allows Stored XSS. This issue affects Affiliates Manager Google reCAPTCHA Integration: from n/a through 1.0.6. The Affiliates Manager Google reCAPTCHA Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update s... • https://patchstack.com/database/wordpress/plugin/affiliates-manager-google-recaptcha-integration/vulnerability/wordpress-affiliates-manager-google-recaptcha-integration-plugin-1-0-6-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2025-4600 – HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation
https://notcve.org/view.php?id=CVE-2025-4600
16 May 2025 — A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required, as the Classic Application Load Balancer service after 2025-04-26 is not vulnerable. • https://cloud.google.com/support/bulletins#gcp-2025-027 • CWE-20: Improper Input Validation

CVE-2025-4664
https://notcve.org/view.php?id=CVE-2025-4664
14 May 2025 — Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) • https://github.com/speinador/CVE-2025-4664

CVE-2025-1079 – RCE In Google Web Designer
https://notcve.org/view.php?id=CVE-2025-1079
12 May 2025 — Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature • https://balintmagyar.com/articles/google-web-designer-symlink-client-side-rce-cve-2025-1079 • CWE-61: UNIX Symbolic Link (Symlink) Following