
CVE-2025-4372 – Debian Security Advisory 5916-1
https://notcve.org/view.php?id=CVE-2025-4372
06 May 2025 — Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) An update that fixes one vulnerability is now available. This update for chromium fixes the following issues: Chromium 136.0.7103.92: Use after free in WebAudio. Patch Instructions: To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch". • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2025-0649 – Stack Exhaustion In Tensorflow Serving
https://notcve.org/view.php?id=CVE-2025-0649
06 May 2025 — Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. • https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf • CWE-121: Stack-based Buffer Overflow •

CVE-2025-4050 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4050
05 May 2025 — Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) An update that fixes four vulnerabilities is now available. This update for chromium fixes the following issues. Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-787: Out-of-bounds Write •

CVE-2025-4051 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4051
05 May 2025 — Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) An update that fixes four vulnerabilities is now available. This update for chromium fixes the following issues. Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-284: Improper Access Control •

CVE-2025-4052 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4052
05 May 2025 — Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) An update that fixes four vulnerabilities is now available. This update for chromium fixes the following issues. Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-838: Inappropriate Encoding for Output Context •

CVE-2025-4096 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4096
05 May 2025 — Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) An update that fixes four vulnerabilities is now available. This update for chromium fixes the following issues. Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-46452 – WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-46452
24 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1. The Google News plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator... • https://patchstack.com/database/wordpress/plugin/google-news/vulnerability/wordpress-google-news-plugin-2-5-1-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-46483 – WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-46483
24 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS. This issue affects Peadig’s Google +1 Button: from n/a through 0.1.2. The Peadig’s Google +1 Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and ... • https://patchstack.com/database/wordpress/plugin/google-1/vulnerability/wordpress-peadig-s-google-1-button-0-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-46503 – WordPress Simple Google Photos Grid <= 1.5 - Server Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-46503
24 Apr 2025 — Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery. This issue affects Simple Google Photos Grid: from n/a through 1.5. The Simple Google Photos Grid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can... • https://patchstack.com/database/wordpress/plugin/simple-google-photos-grid/vulnerability/wordpress-simple-google-photos-grid-1-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2025-39382 – WordPress ACF: Google Font Selector plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-39382
21 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1. The ACF: Google Font Selector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web... • https://patchstack.com/database/wordpress/plugin/acf-google-font-selector-field/vulnerability/wordpress-acf-google-font-selector-plugin-3-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •