CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9126
https://notcve.org/view.php?id=CVE-2024-9126
14 Nov 2025 — Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13102
https://notcve.org/view.php?id=CVE-2025-13102
14 Nov 2025 — Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11919
https://notcve.org/view.php?id=CVE-2024-11919
14 Nov 2025 — Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11920
https://notcve.org/view.php?id=CVE-2024-11920
14 Nov 2025 — Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13983
https://notcve.org/view.php?id=CVE-2024-13983
14 Nov 2025 — Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-9479
https://notcve.org/view.php?id=CVE-2025-9479
14 Nov 2025 — Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13097
https://notcve.org/view.php?id=CVE-2025-13097
14 Nov 2025 — Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-66063 – WordPress WP Google Review Slider plugin <= 17.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-66063
14 Nov 2025 — Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Google Review Slider: from n/a through <= 17.4. The WP Google Review Slider plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 17.4. This makes it possible for authenticated attackers, with Subscriber-level access and abo... • https://vdp.patchstack.com/database/Wordpress/Plugin/wp-google-places-review-slider/vulnerability/wordpress-wp-google-review-slider-plugin-17-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13042 – Debian Security Advisory 6055-1
https://notcve.org/view.php?id=CVE-2025-13042
12 Nov 2025 — Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), this problem has been fixed in version 142.0.7444.162-1~deb12u1. For the stable distribution (trixie), this problem has bee... • https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_11.html •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2025-12155 – Command Injection in Looker
https://notcve.org/view.php?id=CVE-2025-12155
10 Nov 2025 — A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all support... • https://cloud.google.com/support/bulletins#gcp-2025-052 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •