
CVE-2025-2713 – Improper File Permission Handling in Google gVisor runsc
https://notcve.org/view.php?id=CVE-2025-2713
28 Mar 2025 — Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork. • https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e • CWE-269: Improper Privilege Management •

CVE-2025-2783 – Google Chromium Mojo Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2025-2783
26 Mar 2025 — Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited t... • https://github.com/raulchung/CVE-2025-2783 •

CVE-2025-23964 – WordPress Google Plus Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23964
20 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Google Plus allows Reflected XSS. This issue affects Google Plus: from n/a through 1.0.2. The Google Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can success... • https://patchstack.com/database/wordpress/plugin/google-plus-google/vulnerability/wordpress-google-plus-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-2476 – Debian Security Advisory 5882-1
https://notcve.org/view.php?id=CVE-2025-2476
19 Mar 2025 — Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://github.com/McTavishSue/CVE-2025-2476 • CWE-416: Use After Free •

CVE-2025-23466 – WordPress Site Editor Google Map plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23466
18 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsiteeditor Site Editor Google Map allows Reflected XSS. This issue affects Site Editor Google Map: from n/a through 1.0.1. The Site Editor Google Map plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in p... • https://patchstack.com/database/wordpress/plugin/site-editor-google-map/vulnerability/wordpress-site-editor-google-map-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1550 – Arbitrary Code Execution via Crafted Keras Config for Model Loading
https://notcve.org/view.php?id=CVE-2025-1550
11 Mar 2025 — The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading. • https://github.com/keras-team/keras/pull/20751 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-28860 – WordPress Google News Editors Picks Feed Generator plugin <= 2.1 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-28860
11 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1. The Google News Editors Picks Feed Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject ma... • https://patchstack.com/database/wordpress/plugin/google-news-editors-picks-news-feeds/vulnerability/wordpress-google-news-editors-picks-feed-generator-plugin-2-1-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-28920 – WordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-28920
11 Mar 2025 — Missing Authorization vulnerability in Jogesh Responsive Google Map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through 3.1.5. The Responsive Google Map plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.5. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/responsive-google-map/vulnerability/wordpress-responsive-google-map-plugin-3-1-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-56192
https://notcve.org/view.php?id=CVE-2024-56192
10 Mar 2025 — In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01 • CWE-281: Improper Preservation of Permissions •

CVE-2024-56191
https://notcve.org/view.php?id=CVE-2024-56191
10 Mar 2025 — In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01 • CWE-281: Improper Preservation of Permissions •