
CVE-2025-0998 – Debian Security Advisory 5866-1
https://notcve.org/view.php?id=CVE-2025-0998
14 Feb 2025 — Out of bounds memory access in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html • CWE-125: Out-of-bounds Read •

CVE-2025-26539 – WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26539
13 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map allows Stored XSS. This issue affects Embed Google Map: from n/a through 3.2. The Embed Google Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scri... • https://patchstack.com/database/wordpress/plugin/embed-google-map/vulnerability/wordpress-embed-google-map-plugin-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26574 – WordPress Google Drive WP Media plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26574
13 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moch Amir Google Drive WP Media allows Stored XSS. This issue affects Google Drive WP Media: from n/a through 2.4.4. The Google Drive WP Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec... • https://patchstack.com/database/wordpress/plugin/google-drive-wp-media/vulnerability/wordpress-google-drive-wp-media-plugin-2-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-22497 – WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22497
11 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A.H.C. Waasdorp Simple Google Calendar Outlook Events Block Widget allows Stored XSS. This issue affects Simple Google Calendar Outlook Events Block Widget: from n/a through 2.5.0. The Simple Google Calendar Outlook Events Block Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This make... • https://patchstack.com/database/wordpress/plugin/simple-google-icalendar-widget/vulnerability/wordpress-simple-google-calendar-outlook-events-block-widget-plugin-2-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-0982 – Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine)
https://notcve.org/view.php?id=CVE-2025-0982
06 Feb 2025 — Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed. • https://cloud.google.com/application-integration/docs/release-notes#January_23_2025 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVE-2025-0451 – Debian Security Advisory 5859-1
https://notcve.org/view.php?id=CVE-2025-0451
04 Feb 2025 — Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2025-0445 – Debian Security Advisory 5859-1
https://notcve.org/view.php?id=CVE-2025-0445
04 Feb 2025 — Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2025-0444 – Debian Security Advisory 5859-1
https://notcve.org/view.php?id=CVE-2025-0444
04 Feb 2025 — Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2025-24959 – Environment Variable Injection for dotenv API in zx
https://notcve.org/view.php?id=CVE-2025-24959
03 Feb 2025 — zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through `dotenv.stringify` are particularly vulnerable. This issue has been patched in version 8.3.2. • https://github.com/google/zx/pull/1094 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-20643
https://notcve.org/view.php?id=CVE-2025-20643
03 Feb 2025 — In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-1295: Debug Messages Revealing Unnecessary Information •