Skip to main content

Google

13978 CVEs vendor

Monthly

CVE-2025-13136 MEDIUM Monitor

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-65108 npm CRITICAL PATCH This Week

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Google RCE Code Injection Chrome
NVD GitHub
CVSS 3.1
10.0
EPSS
0.6%
CVE-2025-66063 MEDIUM This Month

Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-11808 MEDIUM This Month

The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-64751 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Google Authentication Bypass Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-10703 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google SAP +5
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-10702 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google SAP +4
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-12545 MEDIUM This Month

The Pixel Manager for WooCommerce - Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-48593 HIGH This Month

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Android +1
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-13230 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13229 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13228 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13227 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13226 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13224 HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13223 HIGH KEV PATCH THREAT Act Now

Google Chrome V8 contains a type confusion vulnerability in the JavaScript engine, the second V8 type confusion zero-day in 2025, exploited in targeted attacks.

Memory Corruption Google Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2025-9479 MEDIUM POC Monitor

Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13107 MEDIUM POC Monitor

Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13102 MEDIUM Monitor

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13097 MEDIUM POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome Red Hat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9126 HIGH POC This Month

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Apple Memory Corruption Denial Of Service Use After Free +2
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-7021 MEDIUM Monitor

Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Chrome Windows
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-7017 HIGH POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Race Condition Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13983 MEDIUM POC This Month

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Apple Google Chrome iOS
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-13178 MEDIUM POC Monitor

Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-11920 MEDIUM POC Monitor

Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-11919 MEDIUM POC Monitor

Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64741 HIGH This Month

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Meeting Software Development Kit Workplace Android
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-64292 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.6.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12015 MEDIUM Monitor

The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). No vendor patch available.

Google Information Disclosure Linux Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the. No vendor patch available.

Google Information Disclosure Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2025-13042 HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-63289 CRITICAL This Week

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Sogexia Android
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-60722 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Onedrive Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-11307 HIGH POC This Week

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD WPScan
CVSS 3.1
8.8
EPSS
7.0%
CVE-2025-12711 MEDIUM This Month

The Share to Google Classroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the share_to_google shortcode in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-12662 MEDIUM This Month

The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-12526 MEDIUM This Month

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgc_remove' action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12729 MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12728 MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12727 HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12726 HIGH PATCH This Month

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Microsoft Privilege Escalation Chrome Windows +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12725 HIGH PATCH This Month

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Android +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12447 MEDIUM PATCH Monitor

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome Android Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12446 MEDIUM PATCH Monitor

Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12445 MEDIUM PATCH This Month

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12444 MEDIUM PATCH Monitor

Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome Red Hat Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12443 MEDIUM PATCH Monitor

Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12441 MEDIUM PATCH Monitor

Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12440 MEDIUM PATCH This Month

Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Buffer Overflow Chrome Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12439 MEDIUM POC PATCH This Month

Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Microsoft Chrome Windows +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-12438 HIGH PATCH This Month

Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12437 HIGH PATCH This Month

Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12436 MEDIUM PATCH This Month

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome Red Hat Suse
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-12435 MEDIUM PATCH This Month

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Android Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-12434 MEDIUM PATCH Monitor

Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft Information Disclosure Chrome +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-12433 MEDIUM PATCH Monitor

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12432 HIGH PATCH This Month

Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12431 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12430 HIGH PATCH This Month

Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-12429 HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-12428 HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12911 MEDIUM Monitor

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12910 MEDIUM POC This Month

Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-12909 MEDIUM POC This Month

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12908 MEDIUM POC This Month

Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Android
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-12907 HIGH POC This Week

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Chrome
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-12906 MEDIUM This Month

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-12905 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass Chrome Windows
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-12036 HIGH PATCH This Month

Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11756 HIGH PATCH This Month

Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11460 HIGH PATCH This Month

Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Memory Corruption Denial Of Service Use After Free +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11458 HIGH PATCH This Month

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Red Hat +1
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-11219 LOW Monitor

Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-11216 MEDIUM PATCH This Month

Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-11215 MEDIUM PATCH Monitor

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11213 MEDIUM PATCH This Month

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-11212 MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Chrome Windows +1
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-11211 HIGH PATCH This Month

Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-11210 MEDIUM PATCH This Month

Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-11209 HIGH PATCH This Month

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Android Suse
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-11208 MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-11207 MEDIUM PATCH This Month

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11206 HIGH PATCH This Month

Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-11205 HIGH PATCH This Month

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-27918 CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Apple Integer Overflow Microsoft +5
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-27917 HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Google Apple Null Pointer Dereference Microsoft +6
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-27916 HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Authentication Bypass Anydesk Android +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48078 HIGH This Week

Cross-Site Request Forgery in the Slick Google Map WordPress plugin version 0.3 and earlier enables stored XSS attacks. An attacker can trick authenticated WordPress administrators into executing malicious requests that inject persistent JavaScript into the site, achieving cross-site scripting with changed scope impact. EPSS exploitation probability is low (0.02%, 4th percentile), and no public exploit or active exploitation has been identified at time of analysis.

Google XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM Monitor

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google Authentication Bypass +1
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH This Week

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Google RCE +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS +1
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Google Authentication Bypass +3
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache +7
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache +6
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Pixel Manager for WooCommerce - Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google Information Disclosure +1
NVD
EPSS 0% CVSS 8.0
HIGH This Month

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +3
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +3
NVD
EPSS 3% CVSS 8.8
HIGH KEV PATCH THREAT Act Now

Google Chrome V8 contains a type confusion vulnerability in the JavaScript engine, the second V8 type confusion zero-day in 2025, exploited in targeted attacks.

Memory Corruption Google Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Apple Memory Corruption +4
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft +2
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Race Condition Information Disclosure +2
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Apple Google +2
NVD
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 8.1
HIGH This Month

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Meeting Software Development Kit +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.6.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google Authentication Bypass +1
NVD
EPSS 0%

In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). No vendor patch available.

Google Information Disclosure Linux +1
NVD
EPSS 0%

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the. No vendor patch available.

Google Information Disclosure Linux +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow +3
NVD
EPSS 0% CVSS 9.1
CRITICAL This Week

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Sogexia +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Onedrive +1
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google XSS +1
NVD WPScan
EPSS 0% CVSS 6.4
MEDIUM This Month

The Share to Google Classroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the share_to_google shortcode in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgc_remove' action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google Authentication Bypass
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Microsoft Privilege Escalation +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Buffer Overflow Chrome +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Microsoft +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +4
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Google Denial Of Service +4
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft +4
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +3
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Chrome
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Memory Corruption +5
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Month

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow +3
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Google Denial Of Service +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Month

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Month

Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow +3
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Apple +7
NVD
EPSS 1% CVSS 7.5
HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Google Apple +8
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Authentication Bypass +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery in the Slick Google Map WordPress plugin version 0.3 and earlier enables stored XSS attacks. An attacker can trick authenticated WordPress administrators into executing malicious requests that inject persistent JavaScript into the site, achieving cross-site scripting with changed scope impact. EPSS exploitation probability is low (0.02%, 4th percentile), and no public exploit or active exploitation has been identified at time of analysis.

Google XSS CSRF
NVD
Prev Page 28 of 156 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy