
CVE-2025-6557 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6557
24 Jun 2025 — Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2025-6556 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6556
24 Jun 2025 — Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2025-6555 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6555
24 Jun 2025 — Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •

CVE-2025-6192
https://notcve.org/view.php?id=CVE-2025-6192
18 Jun 2025 — Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html • CWE-416: Use After Free •

CVE-2025-6191
https://notcve.org/view.php?id=CVE-2025-6191
18 Jun 2025 — Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html • CWE-190: Integer Overflow or Wraparound • CWE-472: External Control of Assumed-Immutable Web Parameter •

CVE-2025-5981 – Arbitrary File write in OSV-SCALIBR
https://notcve.org/view.php?id=CVE-2025-5981
18 Jun 2025 — Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images, particularly when using the CLI flag --remote-image on untrusted container images. • https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-4613 – Client side RCE in Google Web Designer App
https://notcve.org/view.php?id=CVE-2025-4613
12 Jun 2025 — Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows an attacker to achieve remote code execution by tricking users into downloading a malicious ad template. • https://balintmagyar.com/articles/google-web-designer-path-traversal-client-side-rce-cve-2025-4613 • CWE-20: Improper Input Validation •

CVE-2025-5959
https://notcve.org/view.php?id=CVE-2025-5959
11 Jun 2025 — Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2025-5958
https://notcve.org/view.php?id=CVE-2025-5958
11 Jun 2025 — Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •

CVE-2025-27334 – WordPress Simple Google Static Map <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-27334
05 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ángel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map: from n/a through 1.0.1. The Simple Google Static Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov... • https://patchstack.com/database/wordpress/plugin/simple-google-static-map/vulnerability/wordpress-simple-google-static-map-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •