Skip to main content

Google

13978 CVEs vendor

Monthly

CVE-2025-7892 LOW POC Monitor

IDnow App for Android up to version 9.6.0 improperly exports application components via AndroidManifest.xml misconfiguration, allowing local attackers with user-level privileges to access sensitive functionality or information disclosure. The vulnerability is classified as low severity (CVSS 1.9) with publicly available exploit code, but the vendor has not responded to disclosure and no patch has been released. While exploitation requires local device access and legitimate app installation, the improper component export could enable privilege escalation or data theft when combined with other vulnerabilities.

Information Disclosure Google Idnow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-7891 LOW POC Monitor

InstantBits Web Video Cast on Android versions up to 5.12.4 improperly exports application components via AndroidManifest.xml configuration, allowing local attackers with user privileges to access sensitive functionality without authentication. The vulnerability has a CVSS score of 1.9 with low confidentiality impact and no integrity or availability impact, but is rated problematic due to the disclosure of exploitation techniques and vendor non-responsiveness. This is a local, low-severity information disclosure issue affecting only users with direct device access.

Information Disclosure Google Web Video Cast
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-7890 LOW POC Monitor

Dunamu StockPlus Android app versions up to 7.62.10 improperly export application components via AndroidManifest.xml configuration, allowing local attackers with low privileges to access sensitive functionality. The vulnerability requires local device access and affects the com.dunamu.stockplus component, resulting in limited information disclosure. Publicly available exploit code exists, and the vendor did not respond to early disclosure notification.

Information Disclosure Google Stockplus
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-7889 LOW POC Monitor

CallApp Caller ID App versions up to 2.0.4 on Android improperly export application components via AndroidManifest.xml misconfiguration, allowing local authenticated attackers to access sensitive functionality with limited information disclosure impact. The vulnerability has been publicly disclosed with exploit code available, though the CVSS score of 1.9 and EPSS of 0.03% indicate minimal real-world exploitation risk despite public POC availability.

Information Disclosure Google Callapp
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-54030 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector plugin versions up to 1.3.20 allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated WordPress administrators. The plugin fails to implement proper CSRF token validation on critical functionality, enabling attackers to craft malicious requests that execute actions without explicit user consent. Although EPSS scoring indicates low exploitation probability (0.02%), CSRF vulnerabilities targeting WordPress admin functions represent a meaningful risk in multi-admin environments where social engineering can trick administrators into visiting attacker-controlled pages.

WordPress CSRF Google
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-47964 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Google Information Disclosure Edge Chromium Chrome
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47963 MEDIUM PATCH This Month

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Microsoft Google Authentication Bypass Edge Chromium Chrome
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-47182 MEDIUM PATCH This Month

Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

Microsoft Google Authentication Bypass Edge Chromium Chrome
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-43856 HIGH PATCH This Week

Immich versions prior to 1.132.0 are vulnerable to account hijacking through OAuth2 state parameter validation bypass (CWE-303). An attacker can perform unauthorized account linkage by exploiting missing state parameter verification, allowing them to hijack victim accounts through crafted OAuth login URLs or hidden iframes embedded in malicious webpages. This vulnerability is particularly dangerous when OAuth providers are publicly accessible, and affected users can be compromised without direct interaction if the /user-settings redirect_uri is configured.

Google CSRF
NVD GitHub
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-38324 MEDIUM PATCH This Month

CVE-2025-38324 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google Linux Information Disclosure Debian Debian Linux +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38273 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt syzbot reported a refcount warning [1] caused by calling get_net() on a network namespace that is being destroyed (refcount=0). This happens when a TIPC discovery timer fires during network namespace cleanup. The recently added get_net() call in commit e279024617134 ("net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done") attempts to hold a reference to the network namespace. However, if the namespace is already being destroyed, its refcount might be zero, leading to the use-after-free warning. Replace get_net() with maybe_get_net(), which safely checks if the refcount is non-zero before incrementing it. If the namespace is being destroyed, return -ENODEV early, after releasing the bearer reference. [1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2

Google Linux Information Disclosure Ubuntu Debian +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0141 HIGH PATCH This Week

CVE-2025-0141 is a security vulnerability (CVSS 8.4) that allows a locally authenticated non administrative user. High severity vulnerability requiring prompt remediation.

Microsoft Google Paloalto Apple Privilege Escalation +4
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-0140 MEDIUM PATCH This Month

CVE-2025-0140 is a security vulnerability (CVSS 6.8) that allows a locally authenticated non administrative user. Remediation should follow standard vulnerability management procedures.

Microsoft Google Paloalto Information Disclosure Apple +4
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-38250 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor...

Linux Use After Free Google Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38245 HIGH PATCH This Week

CVE-2025-38245 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Google Linux Information Disclosure Ubuntu Debian +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7327 HIGH PATCH This Week

The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.

PHP Google RCE Path Traversal WordPress +3
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-20695 MEDIUM This Month

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

Denial Of Service Software Development Kit Android Openwrt Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20694 MEDIUM This Month

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.

Denial Of Service Software Development Kit Android Openwrt Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20693 MEDIUM This Month

In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

Information Disclosure Buffer Overflow Yocto Openwrt Software Development Kit +2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6044 MEDIUM PATCH This Month

An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

Google Authentication Bypass Chrome Os Chrome
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-38230 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Google Linux Denial Of Service Ubuntu Debian +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38227 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in vidtv_mux_init. [1] After PSI initialization fails, the si member is accessed again, resulting in this uaf. After si initialization fails, the subsequent process needs to be exited. [1] BUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline] BUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524 Read of size 8 at addr ffff88802fa42acc by task syz.2.37/6059 CPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xd9/0x110 mm/kasan/report.c:634 vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524 vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239 dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973 dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline] dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537 dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564 dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline] dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246 __fput+0x3ff/0xb70 fs/file_table.c:464 task_work_run+0x14e/0x250 kernel/task_work.c:227 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0xad8/0x2d70 kernel/exit.c:938 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087 __do_sys_exit_group kernel/exit.c:1098 [inline] __se_sys_exit_group kernel/exit.c:1096 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096 x64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f871d58d169 Code: Unable to access opcode bytes at 0x7f871d58d13f. RSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003 R13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840 </TASK> Allocated by task 6059: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394 kmalloc_noprof include/linux/slab.h:901 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970 vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423 vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519 vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239 dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973 dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline] dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537 dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564 dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline] dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246 __fput+0x3ff/0xb70 fs/file_tabl ---truncated---

Linux Use After Free Google Information Disclosure Memory Corruption +6
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38212 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() is protected by rwsem, but this is not enough. If it is not protected by RCU read-critical region, when idr_for_each() calls radix_tree_node_free() through call_rcu() to free the radix_tree_node structure, the node will be freed immediately, and when reading the next node in radix_tree_for_each_slot(), the already freed memory may be read. Therefore, we need to add code to make sure that idr_for_each() is protected within the RCU read-critical region when we call it in shm_destroy_orphaned().

Linux Use After Free Google Information Disclosure Memory Corruption
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38207 MEDIUM PATCH This Month

CVE-2025-38207 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google Linux Information Disclosure Ubuntu Debian +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38196 MEDIUM PATCH This Month

CVE-2025-38196 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google Linux Information Disclosure Ubuntu Debian +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38185 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Free invalid length skb in atmtcp_c_send(). syzbot reported the splat below. [0] vcc_sendmsg() copies data passed from userspace to skb and passes it to vcc->dev->ops->send(). atmtcp_c_send() accesses skb->data as struct atmtcp_hdr after checking if skb->len is 0, but it's not enough. Also, when skb->len == 0, skb and sk (vcc) were leaked because dev_kfree_skb() is not called and sk_wmem_alloc adjustment is missing to revert atm_account_tx() in vcc_sendmsg(), which is expected to be done in atm_pop_raw(). Let's properly free skb with an invalid length in atmtcp_c_send(). [0]: BUG: KMSAN: uninit-value in atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294 atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294 vcc_sendmsg+0xd7c/0xff0 net/atm/common.c:644 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:727 ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620 __sys_sendmsg net/socket.c:2652 [inline] __do_sys_sendmsg net/socket.c:2657 [inline] __se_sys_sendmsg net/socket.c:2655 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655 x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4154 [inline] slab_alloc_node mm/slub.c:4197 [inline] kmem_cache_alloc_node_noprof+0x818/0xf00 mm/slub.c:4249 kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:579 __alloc_skb+0x347/0x7d0 net/core/skbuff.c:670 alloc_skb include/linux/skbuff.h:1336 [inline] vcc_sendmsg+0xb40/0xff0 net/atm/common.c:628 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:727 ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620 __sys_sendmsg net/socket.c:2652 [inline] __do_sys_sendmsg net/socket.c:2657 [inline] __se_sys_sendmsg net/socket.c:2655 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655 x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 1 UID: 0 PID: 5798 Comm: syz-executor192 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(undef) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025

Google Linux Information Disclosure Ubuntu Debian +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38129 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline] _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline] page_pool_recycle_in_ring net/core/page_pool.c:707 [inline] page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826 page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline] page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline] napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036 skb_pp_recycle net/core/skbuff.c:1047 [inline] skb_free_head net/core/skbuff.c:1094 [inline] skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1263 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline] root cause is: page_pool_recycle_in_ring ptr_ring_produce spin_lock(&r->producer_lock); WRITE_ONCE(r->queue[r->producer++], ptr) //recycle last page to pool page_pool_release page_pool_scrub page_pool_empty_ring ptr_ring_consume page_pool_return_page //release all page __page_pool_destroy free_percpu(pool->recycle_stats); free(pool) //free spin_unlock(&r->producer_lock); //pool->ring uaf read recycle_stat_inc(pool, ring); page_pool can be free while page pool recycle the last page in ring. Add producer-lock barrier to page_pool_release to prevent the page pool from being free before all pages have been recycled. recycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not enabled, which will trigger Wempty-body build warning. Add definition for pool stat macro to fix warning.

Linux Use After Free Google Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38117 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock This uses a mutex to protect from concurrent access of mgmt_pending list which can cause crashes like: ================================================================== BUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91 Read of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318 CPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 print_address_description+0xa8/0x254 mm/kasan/report.c:408 print_report+0x68/0x84 mm/kasan/report.c:521 kasan_report+0xb0/0x110 mm/kasan/report.c:634 __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379 hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91 mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223 pending_find net/bluetooth/mgmt.c:947 [inline] remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445 hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712 hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg net/socket.c:727 [inline] sock_write_iter+0x25c/0x378 net/socket.c:1131 new_sync_write fs/read_write.c:591 [inline] vfs_write+0x62c/0x97c fs/read_write.c:684 ksys_write+0x120/0x210 fs/read_write.c:736 __do_sys_write fs/read_write.c:747 [inline] __se_sys_write fs/read_write.c:744 [inline] __arm64_sys_write+0x7c/0x90 fs/read_write.c:744 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Allocated by task 7037: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4327 [inline] __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339 kmalloc_noprof include/linux/slab.h:909 [inline] sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198 sk_alloc+0x44/0x3ac net/core/sock.c:2254 bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148 hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202 bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132 __sock_create+0x43c/0x91c net/socket.c:1541 sock_create net/socket.c:1599 [inline] __sys_socket_create net/socket.c:1636 [inline] __sys_socket+0xd4/0x1c0 net/socket.c:1683 __do_sys_socket net/socket.c:1697 [inline] __se_sys_socket net/socket.c:1695 [inline] __arm64_sys_socket+0x7c/0x94 net/socket.c:1695 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Freed by task 6607: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline ---truncated---

Linux Use After Free Denial Of Service Google Memory Corruption +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-34092 CRITICAL PATCH Act Now

Rejected reason: Neither filed by Chrome nor a valid security vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 4.0
9.3
CVE-2025-34091 HIGH PATCH This Week

Rejected reason: Neither filed by Chrome nor a valid security vulnerability. Rated high severity (CVSS 8.8). No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 4.0
8.8
CVE-2025-34090 CRITICAL PATCH Act Now

Rejected reason: Neither filed by Chrome nor a valid security vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 4.0
9.3
CVE-2025-49713 HIGH POC PATCH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Microsoft Google Memory Corruption Authentication Bypass Edge Chromium +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-49741 HIGH POC PATCH This Week

A security vulnerability in No cwe for this (CVSS 7.4) that allows an unauthorized attacker. Risk factors: public PoC available.

Microsoft Google Information Disclosure Edge Chromium Chrome
NVD Exploit-DB
CVSS 3.1
7.4
EPSS
0.9%
CVE-2025-45083 MEDIUM This Month

CVE-2025-45083 is a security vulnerability (CVSS 6.1) that allows attackers. Remediation should follow standard vulnerability management procedures.

Google Apple Authentication Bypass Android iOS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-6554 HIGH POC KEV PATCH THREAT Act Now

Chrome's V8 engine contains a type confusion vulnerability (CVE-2025-6554, CVSS 8.1) enabling arbitrary read/write operations through crafted HTML pages. KEV-listed with public PoC, type confusion in V8 is the most reliable class of browser exploitation primitives, providing full memory read/write capability for code execution within the renderer sandbox.

Google Information Disclosure Memory Corruption Debian Chrome +2
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
Threat
4.6
CVE-2025-38084 MEDIUM PATCH This Month

CVE-2025-38084 is a security vulnerability (CVSS 5.5) that allows racing vma-locked page faults. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google Linux Information Disclosure Ubuntu Debian +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-53263 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through 1.3.4.

Google CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-27361 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google allows Reflected XSS. This issue affects Photo Express for Google: from n/a through 0.3.2.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-6748 LOW POC Monitor

A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
0.9
EPSS
0.0%
CVE-2025-52883 MEDIUM PATCH This Month

A security vulnerability in Meshtastic-Android (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6557 MEDIUM PATCH This Month

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Microsoft Google XSS RCE Ubuntu +4
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-6556 MEDIUM PATCH This Month

A remote code execution vulnerability in Loader in Google Chrome (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Google Authentication Bypass Ubuntu Debian Chrome +1
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-6555 MEDIUM PATCH This Month

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Google Use After Free Memory Corruption Denial Of Service Ubuntu +3
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-52882 npm PATCH Monitor

Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions versions 0.2.116 through 1.0.23 are vulnerable. For Jetbrains IDE plugins, Claude Code [beta] versions 0.1.1 through 0.1.8 are vulnerable. In VSCode (and forks), exploitation would allow an attacker to read arbitrary files, see the list of files open in the IDE, get selection and diagnostics events from the IDE, or execute code in limited situations where a user has an open Jupyter Notebook and accepts a malicious prompt. In JetBrains IDEs, an attacker could get selection events, a list of open files, and a list of syntax errors. Claude released a patch for this issue on June 13th, 2025. Although Claude Code auto-updates when a user launch it and auto-updates the extensions, users should take the following steps, though the exact steps depend on one's integrated development environment (IDE). For VSCode, Cursor, Windsurf, VSCodium, and other VSCode forks, check the extension Claude Code for VSCode. Open the list of Extensions (View->Extensions), look for Claude Code for VSCode among installed extensions, update or uninstall any version prior to 1.0.24, and restart the IDE. For JetBrains IDEs including IntelliJ, PyCharm, and Android Studio, check the plugin Claude Code [Beta]. Open the Plugins list, look for Claude Code [Beta] among installed extensions, update or uninstall any version prior to 0.1.9, and restart the IDE.

Google RCE Android
NVD GitHub
EPSS
0.1%
CVE-2025-6431 MEDIUM PATCH This Month

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

Mozilla Google Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6428 MEDIUM POC PATCH This Month

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

Google Mozilla Open Redirect
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32875 MEDIUM This Month

An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack.

Authentication Bypass Google Android
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-6201 MEDIUM This Month

The Pixel Manager for WooCommerce - Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's conversion-pixel in all versions up to, and including, 1.49.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Google PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-6192 HIGH PATCH This Week

Use-after-free vulnerability in Google Chrome's Metrics component that allows remote attackers to exploit heap corruption and achieve arbitrary code execution through a crafted HTML page. The vulnerability affects Chrome versions prior to 137.0.7151.119 and requires only user interaction (clicking a link/viewing a page) with no special privileges. This is a high-severity remote code execution vector with active exploitation risk given the ubiquity of Chrome and the low attack complexity.

Use After Free Memory Corruption Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-6191 HIGH PATCH This Week

High-severity integer overflow vulnerability in the V8 JavaScript engine within Google Chrome that enables out-of-bounds memory access through a maliciously crafted HTML page. The vulnerability affects Chrome versions prior to 137.0.7151.119 and requires only user interaction (clicking a link, visiting a page) with no special privileges needed. Successful exploitation allows attackers to read sensitive data, modify content, or crash the browser with a CVSS score of 8.8.

Buffer Overflow Google Integer Overflow Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2022-50224 MEDIUM PATCH This Month

CVE-2022-50224 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Google Ubuntu Debian +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49983 MEDIUM PATCH This Month

CVE-2022-49983 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Google Ubuntu Debian +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49976 MEDIUM PATCH This Month

CVE-2022-49976 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Microsoft Linux Information Disclosure Google Ubuntu +6
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49960 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix null pointer dereference Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null pointer defeference of bi_next in tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c. BUG: kernel NULL pointer dereference, address: 000000000000002e PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 1 Comm: swapper/0 Tainted: G U 5.17.0-rc1 Hardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021 RIP: 0010:tgl_get_bw_info+0x2de/0x510 ... [ 2.554467] Call Trace: [ 2.554467] <TASK> [ 2.554467] intel_bw_init_hw+0x14a/0x434 [ 2.554467] ? _printk+0x59/0x73 [ 2.554467] ? _dev_err+0x77/0x91 [ 2.554467] i915_driver_hw_probe+0x329/0x33e [ 2.554467] i915_driver_probe+0x4c8/0x638 [ 2.554467] i915_pci_probe+0xf8/0x14e [ 2.554467] ? _raw_spin_unlock_irqrestore+0x12/0x2c [ 2.554467] pci_device_probe+0xaa/0x142 [ 2.554467] really_probe+0x13f/0x2f4 [ 2.554467] __driver_probe_device+0x9e/0xd3 [ 2.554467] driver_probe_device+0x24/0x7c [ 2.554467] __driver_attach+0xba/0xcf [ 2.554467] ? driver_attach+0x1f/0x1f [ 2.554467] bus_for_each_dev+0x8c/0xc0 [ 2.554467] bus_add_driver+0x11b/0x1f7 [ 2.554467] driver_register+0x60/0xea [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] i915_init+0x2c/0xb9 [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] do_one_initcall+0x12e/0x2b3 [ 2.554467] do_initcall_level+0xd6/0xf3 [ 2.554467] do_initcalls+0x4e/0x79 [ 2.554467] kernel_init_freeable+0xed/0x14d [ 2.554467] ? rest_init+0xc1/0xc1 [ 2.554467] kernel_init+0x1a/0x120 [ 2.554467] ret_from_fork+0x1f/0x30 [ 2.554467] </TASK> ... Kernel panic - not syncing: Fatal exception (cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)

Null Pointer Dereference Linux Denial Of Service Google Ubuntu +5
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49947 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: binder: fix alloc->vma_vm_mm null-ptr dereference Syzbot reported a couple issues introduced by commit 44e602b4e52f ("binder_alloc: add missing mmap_lock calls when using the VMA"), in which we attempt to acquire the mmap_lock when alloc->vma_vm_mm has not been initialized yet. This can happen if a binder_proc receives a transaction without having previously called mmap() to setup the binder_proc->alloc space in [1]. Also, a similar issue occurs via binder_alloc_print_pages() when we try to dump the debugfs binder stats file in [2]. Sample of syzbot's crash report: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f] CPU: 0 PID: 3755 Comm: syz-executor229 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 syz-executor229[3755] cmdline: ./syz-executor2294415195 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923 [...] Call Trace: <TASK> lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 down_read+0x98/0x450 kernel/locking/rwsem.c:1499 mmap_read_lock include/linux/mmap_lock.h:117 [inline] binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline] binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593 binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199 binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986 binder_ioctl_write_read drivers/android/binder.c:5036 [inline] binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd [...] ================================================================== Fix these issues by setting up alloc->vma_vm_mm pointer during open() and caching directly from current->mm. This guarantees we have a valid reference to take the mmap_lock during scenarios described above. [1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459 [2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9

Null Pointer Dereference Linux Denial Of Service Google Ubuntu +5
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-1088 Go LOW PATCH Monitor

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

Grafana Information Disclosure Google Ubuntu Debian +1
NVD GitHub
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-6179 CRITICAL POC Act Now

Critical permissions bypass vulnerability in Google Chrome OS 16181.27.0 that allows local attackers to disable extensions and gain unauthorized access to Developer Mode on managed Chrome devices. The vulnerability is exploited using the ExtHang3r and ExtPrint3r tools to load arbitrary extensions, affecting enterprise-managed deployments with a CVSS score of 9.8 (critical severity). Active exploitation status and proof-of-concept availability should be verified through CISA KEV and security advisories.

Privilege Escalation Google Denial Of Service Chrome Os Chrome
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-6177 HIGH This Week

Local privilege escalation vulnerability in Google ChromeOS MiniOS that allows unauthenticated attackers to achieve root code execution by exploiting an accessible debug shell (VT3 console) through specific key combinations during developer mode entry, circumventing device policy restrictions and Firmware Write Protect mechanisms. This vulnerability affects ChromeOS version 16063.45.2 and potentially other versions on enrolled devices, with a CVSS score of 7.4 indicating high severity. The attack requires local access and specific technical knowledge of key sequences, but no user interaction is needed once device access is obtained.

RCE Privilege Escalation Google Chrome Os Chrome
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-2091 MEDIUM PATCH This Month

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

Apple Open Redirect Google M Files Mobile Android +1
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-22854 MEDIUM PATCH This Month

CVE-2025-22854 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-4613 HIGH POC PATCH This Week

Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.

RCE Path Traversal Google Windows Web Designer
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-5959 HIGH PATCH This Week

Type confusion vulnerability in Google Chrome's V8 JavaScript engine that enables remote code execution within the Chrome sandbox prior to version 137.0.7151.103. An attacker can exploit this via a crafted HTML page by tricking a user into visiting a malicious website, achieving arbitrary code execution with high severity impact (CVSS 8.8). The vulnerability's network-based attack vector, low complexity, and requirement only for user interaction make it a practical exploitation target.

RCE Memory Corruption Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-5958 HIGH PATCH This Week

Use-after-free vulnerability in Google Chrome's Media component that allows remote attackers to corrupt heap memory and achieve arbitrary code execution through a crafted HTML page. All Chrome versions prior to 137.0.7151.103 are affected. The vulnerability requires user interaction (clicking/viewing the malicious page) but can lead to complete system compromise with high impact on confidentiality, integrity, and availability.

Use After Free Memory Corruption Google RCE Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-36852 npm CRITICAL POC Act Now

CVE-2025-36852 is a security vulnerability (CVSS 9.4) that allows any contributor with pull request privileges. Critical severity with potential for significant impact on affected systems.

Authentication Bypass Google
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-49006 HIGH PATCH This Week

Wasp framework versions prior to 0.16.6 contain a critical OAuth/OpenID Connect implementation flaw where user IDs are improperly lowercased before storage and authentication, violating specification requirements. This affects only Keycloak deployments configured with case-sensitive user IDs, enabling attackers to impersonate users, trigger account collisions, and escalate privileges. While the CVSS score of 8.2 reflects high integrity impact, real-world risk is constrained to Keycloak with specific non-default configuration, and no public exploit or KEV designation has been reported.

Node.js Privilege Escalation Google
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-27334 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ángel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map: from n/a through 1.0.1.

XSS Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-26590 HIGH This Week

SQL Injection vulnerability in Nir Complete Google SEO Scan plugin (versions up to 3.5.1) that allows authenticated attackers with high privileges to execute arbitrary SQL commands against the database. While the CVSS score is 7.6 (high), the attack requires administrative credentials and does not enable data modification, limiting real-world impact to information disclosure and service degradation. No active exploitation in the wild has been confirmed at this time.

SQLi Google
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-5715 LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 3.8). Risk factors: public PoC available.

Information Disclosure Google
NVD VulDB
CVSS 4.0
0.3
EPSS
0.1%
CVE-2025-30360 npm MEDIUM POC PATCH This Month

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The `Origin` header is checked to prevent Cross-site WebSocket hijacking from happening, which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address `Origin` headers. This allows websites that are served on IP addresses to connect WebSocket. An attacker can obtain source code via a method similar to that used to exploit CVE-2018-14732. Version 5.2.1 contains a patch for the issue.

Information Disclosure Google Webpack Dev Server Chrome Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31712 MEDIUM This Month

In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.

Buffer Overflow Denial Of Service Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-31711 MEDIUM This Month

In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.

Null Pointer Dereference Denial Of Service Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-31710 MEDIUM This Month

In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.

Privilege Escalation Command Injection Android Google
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-27038 HIGH KEV THREAT Act Now

Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory corruption during graphics rendering. KEV-listed, this vulnerability can be triggered through Chrome on Android devices with Qualcomm chipsets, providing a kernel-level exploitation path from web content.

Memory Corruption Google Denial Of Service Fastconnect 7800 Firmware Smart Audio 400 Platform Firmware +41
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2025-5419 HIGH POC KEV PATCH THREAT Act Now

Chrome's V8 JavaScript engine contains an out-of-bounds read and write vulnerability (CVE-2025-5419, CVSS 8.8) enabling remote heap corruption through crafted HTML pages. KEV-listed with EPSS 3.0% and public PoC, this vulnerability provides both read and write primitives in V8's heap, making it highly reliable for exploitation.

Google Heap Overflow Memory Corruption Chrome Edge Chromium +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
Threat
4.9
CVE-2025-5068 HIGH PATCH This Week

A security vulnerability in Blink in Google Chrome (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Use After Free Memory Corruption Google Heap Overflow Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48883 PHP MEDIUM PATCH This Month

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google PHP XSS Chrome
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13917 HIGH This Week

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2024-13916 MEDIUM This Month

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13915 MEDIUM This Month

Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2571 Go MEDIUM PATCH This Month

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-4944 MEDIUM This Month

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-5334 HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass Apple Remote Desktop Manager +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-5283 MEDIUM PATCH This Month

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +2
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-5281 MEDIUM PATCH This Month

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-5280 HIGH PATCH This Month

Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5067 MEDIUM PATCH This Month

Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-5066 MEDIUM PATCH This Month

Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5065 MEDIUM PATCH This Month

Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5064 MEDIUM PATCH This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-5063 HIGH PATCH This Month

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
EPSS 0% CVSS 1.9
LOW POC Monitor

IDnow App for Android up to version 9.6.0 improperly exports application components via AndroidManifest.xml misconfiguration, allowing local attackers with user-level privileges to access sensitive functionality or information disclosure. The vulnerability is classified as low severity (CVSS 1.9) with publicly available exploit code, but the vendor has not responded to disclosure and no patch has been released. While exploitation requires local device access and legitimate app installation, the improper component export could enable privilege escalation or data theft when combined with other vulnerabilities.

Information Disclosure Google Idnow
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

InstantBits Web Video Cast on Android versions up to 5.12.4 improperly exports application components via AndroidManifest.xml configuration, allowing local attackers with user privileges to access sensitive functionality without authentication. The vulnerability has a CVSS score of 1.9 with low confidentiality impact and no integrity or availability impact, but is rated problematic due to the disclosure of exploitation techniques and vendor non-responsiveness. This is a local, low-severity information disclosure issue affecting only users with direct device access.

Information Disclosure Google Web Video Cast
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Dunamu StockPlus Android app versions up to 7.62.10 improperly export application components via AndroidManifest.xml configuration, allowing local attackers with low privileges to access sensitive functionality. The vulnerability requires local device access and affects the com.dunamu.stockplus component, resulting in limited information disclosure. Publicly available exploit code exists, and the vendor did not respond to early disclosure notification.

Information Disclosure Google Stockplus
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

CallApp Caller ID App versions up to 2.0.4 on Android improperly export application components via AndroidManifest.xml misconfiguration, allowing local authenticated attackers to access sensitive functionality with limited information disclosure impact. The vulnerability has been publicly disclosed with exploit code available, though the CVSS score of 1.9 and EPSS of 0.03% indicate minimal real-world exploitation risk despite public POC availability.

Information Disclosure Google Callapp
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector plugin versions up to 1.3.20 allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated WordPress administrators. The plugin fails to implement proper CSRF token validation on critical functionality, enabling attackers to craft malicious requests that execute actions without explicit user consent. Although EPSS scoring indicates low exploitation probability (0.02%), CSRF vulnerabilities targeting WordPress admin functions represent a meaningful risk in multi-admin environments where social engineering can trick administrators into visiting attacker-controlled pages.

WordPress CSRF Google
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Google Information Disclosure +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Microsoft Google Authentication Bypass +2
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

Microsoft Google Authentication Bypass +2
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Immich versions prior to 1.132.0 are vulnerable to account hijacking through OAuth2 state parameter validation bypass (CWE-303). An attacker can perform unauthorized account linkage by exploiting missing state parameter verification, allowing them to hijack victim accounts through crafted OAuth login URLs or hidden iframes embedded in malicious webpages. This vulnerability is particularly dangerous when OAuth providers are publicly accessible, and affected users can be compromised without direct interaction if the /user-settings redirect_uri is configured.

Google CSRF
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2025-38324 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google Linux Information Disclosure +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt syzbot reported a refcount warning [1] caused by calling get_net() on a network namespace that is being destroyed (refcount=0). This happens when a TIPC discovery timer fires during network namespace cleanup. The recently added get_net() call in commit e279024617134 ("net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done") attempts to hold a reference to the network namespace. However, if the namespace is already being destroyed, its refcount might be zero, leading to the use-after-free warning. Replace get_net() with maybe_get_net(), which safely checks if the refcount is non-zero before incrementing it. If the namespace is being destroyed, return -ENODEV early, after releasing the bearer reference. [1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2

Google Linux Information Disclosure +6
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

CVE-2025-0141 is a security vulnerability (CVSS 8.4) that allows a locally authenticated non administrative user. High severity vulnerability requiring prompt remediation.

Microsoft Google Paloalto +6
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

CVE-2025-0140 is a security vulnerability (CVSS 6.8) that allows a locally authenticated non administrative user. Remediation should follow standard vulnerability management procedures.

Microsoft Google Paloalto +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor...

Linux Use After Free Google +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-38245 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Google Linux Information Disclosure +6
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.

PHP Google RCE +5
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

Denial Of Service Software Development Kit Android +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.

Denial Of Service Software Development Kit Android +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

Information Disclosure Buffer Overflow Yocto +4
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

Google Authentication Bypass Chrome Os +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Google Linux Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in vidtv_mux_init. [1] After PSI initialization fails, the si member is accessed again, resulting in this uaf. After si initialization fails, the subsequent process needs to be exited. [1] BUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline] BUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524 Read of size 8 at addr ffff88802fa42acc by task syz.2.37/6059 CPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xd9/0x110 mm/kasan/report.c:634 vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524 vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239 dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973 dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline] dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537 dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564 dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline] dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246 __fput+0x3ff/0xb70 fs/file_table.c:464 task_work_run+0x14e/0x250 kernel/task_work.c:227 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0xad8/0x2d70 kernel/exit.c:938 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087 __do_sys_exit_group kernel/exit.c:1098 [inline] __se_sys_exit_group kernel/exit.c:1096 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096 x64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f871d58d169 Code: Unable to access opcode bytes at 0x7f871d58d13f. RSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003 R13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840 </TASK> Allocated by task 6059: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394 kmalloc_noprof include/linux/slab.h:901 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970 vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423 vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519 vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239 dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973 dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline] dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537 dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564 dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline] dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246 __fput+0x3ff/0xb70 fs/file_tabl ---truncated---

Linux Use After Free Google +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() is protected by rwsem, but this is not enough. If it is not protected by RCU read-critical region, when idr_for_each() calls radix_tree_node_free() through call_rcu() to free the radix_tree_node structure, the node will be freed immediately, and when reading the next node in radix_tree_for_each_slot(), the already freed memory may be read. Therefore, we need to add code to make sure that idr_for_each() is protected within the RCU read-critical region when we call it in shm_destroy_orphaned().

Linux Use After Free Google +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2025-38207 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google Linux Information Disclosure +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2025-38196 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google Linux Information Disclosure +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Free invalid length skb in atmtcp_c_send(). syzbot reported the splat below. [0] vcc_sendmsg() copies data passed from userspace to skb and passes it to vcc->dev->ops->send(). atmtcp_c_send() accesses skb->data as struct atmtcp_hdr after checking if skb->len is 0, but it's not enough. Also, when skb->len == 0, skb and sk (vcc) were leaked because dev_kfree_skb() is not called and sk_wmem_alloc adjustment is missing to revert atm_account_tx() in vcc_sendmsg(), which is expected to be done in atm_pop_raw(). Let's properly free skb with an invalid length in atmtcp_c_send(). [0]: BUG: KMSAN: uninit-value in atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294 atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294 vcc_sendmsg+0xd7c/0xff0 net/atm/common.c:644 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:727 ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620 __sys_sendmsg net/socket.c:2652 [inline] __do_sys_sendmsg net/socket.c:2657 [inline] __se_sys_sendmsg net/socket.c:2655 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655 x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4154 [inline] slab_alloc_node mm/slub.c:4197 [inline] kmem_cache_alloc_node_noprof+0x818/0xf00 mm/slub.c:4249 kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:579 __alloc_skb+0x347/0x7d0 net/core/skbuff.c:670 alloc_skb include/linux/skbuff.h:1336 [inline] vcc_sendmsg+0xb40/0xff0 net/atm/common.c:628 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:727 ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620 __sys_sendmsg net/socket.c:2652 [inline] __do_sys_sendmsg net/socket.c:2657 [inline] __se_sys_sendmsg net/socket.c:2655 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655 x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 1 UID: 0 PID: 5798 Comm: syz-executor192 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(undef) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025

Google Linux Information Disclosure +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline] _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline] page_pool_recycle_in_ring net/core/page_pool.c:707 [inline] page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826 page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline] page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline] napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036 skb_pp_recycle net/core/skbuff.c:1047 [inline] skb_free_head net/core/skbuff.c:1094 [inline] skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1263 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline] root cause is: page_pool_recycle_in_ring ptr_ring_produce spin_lock(&r->producer_lock); WRITE_ONCE(r->queue[r->producer++], ptr) //recycle last page to pool page_pool_release page_pool_scrub page_pool_empty_ring ptr_ring_consume page_pool_return_page //release all page __page_pool_destroy free_percpu(pool->recycle_stats); free(pool) //free spin_unlock(&r->producer_lock); //pool->ring uaf read recycle_stat_inc(pool, ring); page_pool can be free while page pool recycle the last page in ring. Add producer-lock barrier to page_pool_release to prevent the page pool from being free before all pages have been recycled. recycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not enabled, which will trigger Wempty-body build warning. Add definition for pool stat macro to fix warning.

Linux Use After Free Google +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock This uses a mutex to protect from concurrent access of mgmt_pending list which can cause crashes like: ================================================================== BUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91 Read of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318 CPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 print_address_description+0xa8/0x254 mm/kasan/report.c:408 print_report+0x68/0x84 mm/kasan/report.c:521 kasan_report+0xb0/0x110 mm/kasan/report.c:634 __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379 hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91 mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223 pending_find net/bluetooth/mgmt.c:947 [inline] remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445 hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712 hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg net/socket.c:727 [inline] sock_write_iter+0x25c/0x378 net/socket.c:1131 new_sync_write fs/read_write.c:591 [inline] vfs_write+0x62c/0x97c fs/read_write.c:684 ksys_write+0x120/0x210 fs/read_write.c:736 __do_sys_write fs/read_write.c:747 [inline] __se_sys_write fs/read_write.c:744 [inline] __arm64_sys_write+0x7c/0x90 fs/read_write.c:744 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Allocated by task 7037: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4327 [inline] __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339 kmalloc_noprof include/linux/slab.h:909 [inline] sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198 sk_alloc+0x44/0x3ac net/core/sock.c:2254 bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148 hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202 bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132 __sock_create+0x43c/0x91c net/socket.c:1541 sock_create net/socket.c:1599 [inline] __sys_socket_create net/socket.c:1636 [inline] __sys_socket+0xd4/0x1c0 net/socket.c:1683 __do_sys_socket net/socket.c:1697 [inline] __se_sys_socket net/socket.c:1695 [inline] __arm64_sys_socket+0x7c/0x94 net/socket.c:1695 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Freed by task 6607: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline ---truncated---

Linux Use After Free Denial Of Service +7
NVD VulDB
CVSS 9.3
CRITICAL PATCH Act Now

Rejected reason: Neither filed by Chrome nor a valid security vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 8.8
HIGH PATCH This Week

Rejected reason: Neither filed by Chrome nor a valid security vulnerability. Rated high severity (CVSS 8.8). No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 9.3
CRITICAL PATCH Act Now

Rejected reason: Neither filed by Chrome nor a valid security vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Microsoft Google Memory Corruption +3
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

A security vulnerability in No cwe for this (CVSS 7.4) that allows an unauthorized attacker. Risk factors: public PoC available.

Microsoft Google Information Disclosure +2
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM This Month

CVE-2025-45083 is a security vulnerability (CVSS 6.1) that allows attackers. Remediation should follow standard vulnerability management procedures.

Google Apple Authentication Bypass +2
NVD
EPSS 0% 4.6 CVSS 8.1
HIGH POC KEV PATCH THREAT Act Now

Chrome's V8 engine contains a type confusion vulnerability (CVE-2025-6554, CVSS 8.1) enabling arbitrary read/write operations through crafted HTML pages. KEV-listed with public PoC, type confusion in V8 is the most reliable class of browser exploitation primitives, providing full memory read/write capability for code execution within the renderer sandbox.

Google Information Disclosure Memory Corruption +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2025-38084 is a security vulnerability (CVSS 5.5) that allows racing vma-locked page faults. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google Linux Information Disclosure +6
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through 1.3.4.

Google CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google allows Reflected XSS. This issue affects Photo Express for Google: from n/a through 0.3.2.

Google XSS
NVD
EPSS 0% CVSS 0.9
LOW POC Monitor

A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Google Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A security vulnerability in Meshtastic-Android (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Microsoft Google XSS +6
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A remote code execution vulnerability in Loader in Google Chrome (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Google Authentication Bypass Ubuntu +3
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Google Use After Free Memory Corruption +5
NVD
EPSS 0%
PATCH Monitor

Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions versions 0.2.116 through 1.0.23 are vulnerable. For Jetbrains IDE plugins, Claude Code [beta] versions 0.1.1 through 0.1.8 are vulnerable. In VSCode (and forks), exploitation would allow an attacker to read arbitrary files, see the list of files open in the IDE, get selection and diagnostics events from the IDE, or execute code in limited situations where a user has an open Jupyter Notebook and accepts a malicious prompt. In JetBrains IDEs, an attacker could get selection events, a list of open files, and a list of syntax errors. Claude released a patch for this issue on June 13th, 2025. Although Claude Code auto-updates when a user launch it and auto-updates the extensions, users should take the following steps, though the exact steps depend on one's integrated development environment (IDE). For VSCode, Cursor, Windsurf, VSCodium, and other VSCode forks, check the extension Claude Code for VSCode. Open the list of Extensions (View->Extensions), look for Claude Code for VSCode among installed extensions, update or uninstall any version prior to 1.0.24, and restart the IDE. For JetBrains IDEs including IntelliJ, PyCharm, and Android Studio, check the plugin Claude Code [Beta]. Open the Plugins list, look for Claude Code [Beta] among installed extensions, update or uninstall any version prior to 0.1.9, and restart the IDE.

Google RCE Android
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

Mozilla Google Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

Google Mozilla Open Redirect
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack.

Authentication Bypass Google Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Pixel Manager for WooCommerce - Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's conversion-pixel in all versions up to, and including, 1.49.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Google +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free vulnerability in Google Chrome's Metrics component that allows remote attackers to exploit heap corruption and achieve arbitrary code execution through a crafted HTML page. The vulnerability affects Chrome versions prior to 137.0.7151.119 and requires only user interaction (clicking a link/viewing a page) with no special privileges. This is a high-severity remote code execution vector with active exploitation risk given the ubiquity of Chrome and the low attack complexity.

Use After Free Memory Corruption Google +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

High-severity integer overflow vulnerability in the V8 JavaScript engine within Google Chrome that enables out-of-bounds memory access through a maliciously crafted HTML page. The vulnerability affects Chrome versions prior to 137.0.7151.119 and requires only user interaction (clicking a link, visiting a page) with no special privileges needed. Successful exploitation allows attackers to read sensitive data, modify content, or crash the browser with a CVSS score of 8.8.

Buffer Overflow Google Integer Overflow +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2022-50224 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Google +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2022-49983 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Google +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2022-49976 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Microsoft Linux Information Disclosure +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix null pointer dereference Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null pointer defeference of bi_next in tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c. BUG: kernel NULL pointer dereference, address: 000000000000002e PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 1 Comm: swapper/0 Tainted: G U 5.17.0-rc1 Hardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021 RIP: 0010:tgl_get_bw_info+0x2de/0x510 ... [ 2.554467] Call Trace: [ 2.554467] <TASK> [ 2.554467] intel_bw_init_hw+0x14a/0x434 [ 2.554467] ? _printk+0x59/0x73 [ 2.554467] ? _dev_err+0x77/0x91 [ 2.554467] i915_driver_hw_probe+0x329/0x33e [ 2.554467] i915_driver_probe+0x4c8/0x638 [ 2.554467] i915_pci_probe+0xf8/0x14e [ 2.554467] ? _raw_spin_unlock_irqrestore+0x12/0x2c [ 2.554467] pci_device_probe+0xaa/0x142 [ 2.554467] really_probe+0x13f/0x2f4 [ 2.554467] __driver_probe_device+0x9e/0xd3 [ 2.554467] driver_probe_device+0x24/0x7c [ 2.554467] __driver_attach+0xba/0xcf [ 2.554467] ? driver_attach+0x1f/0x1f [ 2.554467] bus_for_each_dev+0x8c/0xc0 [ 2.554467] bus_add_driver+0x11b/0x1f7 [ 2.554467] driver_register+0x60/0xea [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] i915_init+0x2c/0xb9 [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] do_one_initcall+0x12e/0x2b3 [ 2.554467] do_initcall_level+0xd6/0xf3 [ 2.554467] do_initcalls+0x4e/0x79 [ 2.554467] kernel_init_freeable+0xed/0x14d [ 2.554467] ? rest_init+0xc1/0xc1 [ 2.554467] kernel_init+0x1a/0x120 [ 2.554467] ret_from_fork+0x1f/0x30 [ 2.554467] </TASK> ... Kernel panic - not syncing: Fatal exception (cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)

Null Pointer Dereference Linux Denial Of Service +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: binder: fix alloc->vma_vm_mm null-ptr dereference Syzbot reported a couple issues introduced by commit 44e602b4e52f ("binder_alloc: add missing mmap_lock calls when using the VMA"), in which we attempt to acquire the mmap_lock when alloc->vma_vm_mm has not been initialized yet. This can happen if a binder_proc receives a transaction without having previously called mmap() to setup the binder_proc->alloc space in [1]. Also, a similar issue occurs via binder_alloc_print_pages() when we try to dump the debugfs binder stats file in [2]. Sample of syzbot's crash report: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f] CPU: 0 PID: 3755 Comm: syz-executor229 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 syz-executor229[3755] cmdline: ./syz-executor2294415195 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923 [...] Call Trace: <TASK> lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 down_read+0x98/0x450 kernel/locking/rwsem.c:1499 mmap_read_lock include/linux/mmap_lock.h:117 [inline] binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline] binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593 binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199 binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986 binder_ioctl_write_read drivers/android/binder.c:5036 [inline] binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd [...] ================================================================== Fix these issues by setting up alloc->vma_vm_mm pointer during open() and caching directly from current->mm. This guarantees we have a valid reference to take the mmap_lock during scenarios described above. [1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459 [2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9

Null Pointer Dereference Linux Denial Of Service +7
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

Grafana Information Disclosure Google +3
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical permissions bypass vulnerability in Google Chrome OS 16181.27.0 that allows local attackers to disable extensions and gain unauthorized access to Developer Mode on managed Chrome devices. The vulnerability is exploited using the ExtHang3r and ExtPrint3r tools to load arbitrary extensions, affecting enterprise-managed deployments with a CVSS score of 9.8 (critical severity). Active exploitation status and proof-of-concept availability should be verified through CISA KEV and security advisories.

Privilege Escalation Google Denial Of Service +2
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Local privilege escalation vulnerability in Google ChromeOS MiniOS that allows unauthenticated attackers to achieve root code execution by exploiting an accessible debug shell (VT3 console) through specific key combinations during developer mode entry, circumventing device policy restrictions and Firmware Write Protect mechanisms. This vulnerability affects ChromeOS version 16063.45.2 and potentially other versions on enrolled devices, with a CVSS score of 7.4 indicating high severity. The attack requires local access and specific technical knowledge of key sequences, but no user interaction is needed once device access is obtained.

RCE Privilege Escalation Google +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

Apple Open Redirect Google +3
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

CVE-2025-22854 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.

RCE Path Traversal Google +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type confusion vulnerability in Google Chrome's V8 JavaScript engine that enables remote code execution within the Chrome sandbox prior to version 137.0.7151.103. An attacker can exploit this via a crafted HTML page by tricking a user into visiting a malicious website, achieving arbitrary code execution with high severity impact (CVSS 8.8). The vulnerability's network-based attack vector, low complexity, and requirement only for user interaction make it a practical exploitation target.

RCE Memory Corruption Google +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free vulnerability in Google Chrome's Media component that allows remote attackers to corrupt heap memory and achieve arbitrary code execution through a crafted HTML page. All Chrome versions prior to 137.0.7151.103 are affected. The vulnerability requires user interaction (clicking/viewing the malicious page) but can lead to complete system compromise with high impact on confidentiality, integrity, and availability.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 9.4
CRITICAL POC Act Now

CVE-2025-36852 is a security vulnerability (CVSS 9.4) that allows any contributor with pull request privileges. Critical severity with potential for significant impact on affected systems.

Authentication Bypass Google
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Wasp framework versions prior to 0.16.6 contain a critical OAuth/OpenID Connect implementation flaw where user IDs are improperly lowercased before storage and authentication, violating specification requirements. This affects only Keycloak deployments configured with case-sensitive user IDs, enabling attackers to impersonate users, trigger account collisions, and escalate privileges. While the CVSS score of 8.2 reflects high integrity impact, real-world risk is constrained to Keycloak with specific non-default configuration, and no public exploit or KEV designation has been reported.

Node.js Privilege Escalation Google
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ángel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map: from n/a through 1.0.1.

XSS Google
NVD
EPSS 0% CVSS 7.6
HIGH This Week

SQL Injection vulnerability in Nir Complete Google SEO Scan plugin (versions up to 3.5.1) that allows authenticated attackers with high privileges to execute arbitrary SQL commands against the database. While the CVSS score is 7.6 (high), the attack requires administrative credentials and does not enable data modification, limiting real-world impact to information disclosure and service degradation. No active exploitation in the wild has been confirmed at this time.

SQLi Google
NVD
EPSS 0% CVSS 0.3
LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 3.8). Risk factors: public PoC available.

Information Disclosure Google
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The `Origin` header is checked to prevent Cross-site WebSocket hijacking from happening, which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address `Origin` headers. This allows websites that are served on IP addresses to connect WebSocket. An attacker can obtain source code via a method similar to that used to exploit CVE-2018-14732. Version 5.2.1 contains a patch for the issue.

Information Disclosure Google Webpack Dev Server +2
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM This Month

In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.

Buffer Overflow Denial Of Service Android +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.

Null Pointer Dereference Denial Of Service Android +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.

Privilege Escalation Command Injection Android +1
NVD
EPSS 1% CVSS 7.5
HIGH KEV THREAT Act Now

Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory corruption during graphics rendering. KEV-listed, this vulnerability can be triggered through Chrome on Android devices with Qualcomm chipsets, providing a kernel-level exploitation path from web content.

Memory Corruption Google Denial Of Service +43
NVD
EPSS 3% 4.9 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Chrome's V8 JavaScript engine contains an out-of-bounds read and write vulnerability (CVE-2025-5419, CVSS 8.8) enabling remote heap corruption through crafted HTML pages. KEV-listed with EPSS 3.0% and public PoC, this vulnerability provides both read and write primitives in V8's heap, making it highly reliable for exploitation.

Google Heap Overflow Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A security vulnerability in Blink in Google Chrome (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google PHP XSS +1
NVD GitHub
EPSS 0% CVSS 8.3
HIGH This Week

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Mattermost Server +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress XSS +1
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass +6
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +4
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +3
NVD
Prev Page 33 of 156 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy