CVSS: 5.0EPSS: %CPEs: 1EXPL: 0CVE-2025-4664
https://notcve.org/view.php?id=CVE-2025-4664
14 May 2025 — Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1079 – RCE In Google Web Designer
https://notcve.org/view.php?id=CVE-2025-1079
12 May 2025 — Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature • https://balintmagyar.com/articles/google-web-designer-symlink-client-side-rce-cve-2025-1079 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4372 – Debian Security Advisory 5916-1
https://notcve.org/view.php?id=CVE-2025-4372
06 May 2025 — Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0649 – Stack Exhaustion In Tensorflow Serving
https://notcve.org/view.php?id=CVE-2025-0649
06 May 2025 — Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. • https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4050 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4050
05 May 2025 — Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4051 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4051
05 May 2025 — Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4052 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4052
05 May 2025 — Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-838: Inappropriate Encoding for Output Context •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4096 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4096
05 May 2025 — Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46452 – WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-46452
24 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1. The Google News plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator... • https://patchstack.com/database/wordpress/plugin/google-news/vulnerability/wordpress-google-news-plugin-2-5-1-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46483 – WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-46483
24 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS. This issue affects Peadig’s Google +1 Button: from n/a through 0.1.2. The Peadig’s Google +1 Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and ... • https://patchstack.com/database/wordpress/plugin/google-1/vulnerability/wordpress-peadig-s-google-1-button-0-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •