Skip to main content

Google

13978 CVEs vendor

Monthly

CVE-2025-27700 HIGH This Month

There is a possible bypass of carrier restrictions due to an unusual root cause. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-56193 MEDIUM This Month

There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-4683 MEDIUM PATCH Monitor

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Apple Google WordPress Authentication Bypass Mstore Api +3
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-5154 MEDIUM POC Monitor

A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Phonepe Android
NVD GitHub VulDB
CVSS 4.0
4.6
EPSS
0.1%
CVE-2025-5098 CRITICAL POC Act Now

PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Printershare Android
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-2394 MEDIUM This Month

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure Authentication Bypass Android +1
NVD
CVSS 4.0
4.7
EPSS
0.1%
CVE-2025-47181 HIGH This Month

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Edge Update Chrome
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-12561 MEDIUM This Month

The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Google
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2021-25262 MEDIUM This Month

Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Yandex Browser Android
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2021-25255 HIGH This Week

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Yandex Browser Android
NVD
CVSS 4.0
8.3
EPSS
0.7%
CVE-2021-25254 HIGH This Week

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Yandex Browser Android
NVD
CVSS 4.0
8.2
EPSS
0.3%
CVE-2025-37961 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Google Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37923 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Google Linux Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37897 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48233 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration allows Stored XSS.0.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-4600 HIGH This Month

A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Request Smuggling Application Load Balancer
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-11109 MEDIUM POC Monitor

The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Wp Google Review Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-2334 MEDIUM This Month

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress CSRF Easy Digital Downloads Google Sheet Connector Edd Gsheetconnector
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25370 MEDIUM This Month

An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-0135 MEDIUM This Month

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Paloalto Google Microsoft +5
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2025-4664 MEDIUM PATCH Monitor

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1079 HIGH POC This Week

Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Google Information Disclosure Web Designer macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37806 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Keep write operations atomic syzbot reported a NULL pointer dereference in __generic_file_write_iter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47669 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Map for Google Map & OpenStreetMap allows DOM-Based XSS.1.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4372 HIGH PATCH This Week

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0649 HIGH PATCH This Week

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Stack Overflow Tensorflow Serving Tensorflow +1
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-46335 PyPI HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS Apple Mobile Security Framework +3
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-4096 HIGH PATCH This Week

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-4052 CRITICAL PATCH Act Now

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-4051 MEDIUM PATCH This Month

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-4050 HIGH PATCH This Week

Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-20671 HIGH This Week

In thermal, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-20668 HIGH This Week

In scp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20665 MEDIUM This Month

In devinfo, there is a possible information disclosure due to a missing SELinux policy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-53141 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() ila_xlat_nl_cmd_get_mapping() generates an empty skb,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-53138 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Google +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53119 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Google Linux Canonical Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-53117 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Google Buffer Overflow Linux Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-53100 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in ext4_update_inline_data Syzbot found the following issue: EXT4-fs (loop0): mounted filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-53053 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in their. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-3438 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Apple Google WordPress Privilege Escalation Mstore Api +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-29825 MEDIUM This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Authentication Bypass Edge Chromium Chrome
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2022-49916 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame() The syzkaller reported an issue: KASAN: null-ptr-deref in range. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-49880 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49846 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Google Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-49795 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rethook: fix a potential memleak in rethook_alloc() In rethook_alloc(), the variable rh is not freed or passed out if handler is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-49782 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf: Improve missing SIGTRAP checking To catch missing SIGTRAP we employ a WARN in __perf_event_overflow(), which fires if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49775 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tcp: cdg: allow tcp_cdg_release() to be called multiple times Apparently, mptcp is able to call tcp_disconnect() on an already. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37780 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: isofs: Prevent the use of too small fid syzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Google Buffer Overflow Linux Linux Kernel +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-37752 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the limit validation It is not sufficient to directly validate the limit on the data that the user passes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23150 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Buffer Overflow Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23149 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can lead to a spurious. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23141 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46331 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.3%
CVE-2025-4090 MEDIUM PATCH This Month

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-4086 MEDIUM PATCH This Month

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-11917 HIGH This Week

The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google WordPress Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-3866 MEDIUM This Month

The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress CSRF XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-46503 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Google SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-46483 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46452 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS.5.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39382 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-1284 MEDIUM This Month

The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-25983 LOW POC Monitor

An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure V380 Pro Android
NVD GitHub
CVSS 3.1
3.4
EPSS
0.2%
CVE-2025-27599 MEDIUM This Month

Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-39442 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave - Google Places Reviews allows Stored XSS.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-32520 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-27313 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bernd Altmeier Google Maps GPX Viewer allows Reflected XSS.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22651 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2025-2903 HIGH This Week

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-1704 MEDIUM POC This Month

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Google Chrome Os +1
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1568 HIGH This Week

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Google Authentication Bypass Denial Of Service Chrome Os +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-1566 HIGH This Week

DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Os Chrome
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-3620 HIGH PATCH This Week

Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-3619 HIGH PATCH This Week

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Buffer Overflow Heap Overflow Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-3739 PHP MEDIUM This Month

Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.*. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Drupal 8 Google Optimize Hide Page Drupal
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-3738 PHP MEDIUM This Month

Vulnerability in Drupal Google Optimize.*. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Google Optimize Drupal
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-3737 PHP MEDIUM This Month

Vulnerability in Drupal Google Maps: Store Locator.*. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Store Locator Project Drupal
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-22093 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Amd Google Denial Of Service +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22085 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Google +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22084 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: w1: fix NULL pointer dereference in probe The w1_uart_probe() function calls w1_uart_serdev_open() (which includes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Null Pointer Dereference Linux Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22062 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Canonical Google Denial Of Service +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-1292 MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-1122 MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-36842 HIGH This Week

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Google Android
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-3522 MEDIUM PATCH This Month

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Open Redirect Google Mozilla Chrome
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-29834 HIGH This Week

Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google Microsoft Buffer Overflow Edge Chromium +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-32282 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32617 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-29805 HIGH This Week

Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Outlook Android
NVD
CVSS 3.1
7.5
EPSS
6.4%
EPSS 0% CVSS 8.4
HIGH This Month

There is a possible bypass of carrier restrictions due to an unusual root cause. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Apple Google WordPress +5
NVD
EPSS 0% CVSS 4.6
MEDIUM POC Monitor

A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Phonepe +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Printershare +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure +3
NVD
EPSS 1% CVSS 8.8
HIGH This Month

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Google
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Yandex Browser +1
NVD
EPSS 1% CVSS 8.3
HIGH This Week

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Yandex Browser +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Yandex Browser +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Google Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Google +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Linux Denial Of Service +4
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration allows Stored XSS.0.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
EPSS 0% CVSS 8.7
HIGH This Month

A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Request Smuggling +1
NVD
EPSS 0% CVSS 4.8
MEDIUM POC Monitor

The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS +1
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM This Month

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress CSRF +2
NVD WPScan
EPSS 0% CVSS 4.6
MEDIUM This Month

An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM This Month

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Paloalto +7
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Google Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Keep write operations atomic syzbot reported a NULL pointer dereference in __generic_file_write_iter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Map for Google Map & OpenStreetMap allows DOM-Based XSS.1.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Stack Overflow +3
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS +5
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In thermal, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In scp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In devinfo, there is a possible information disclosure due to a missing SELinux policy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() ila_xlat_nl_cmd_get_mapping() generates an empty skb,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Google Linux +4
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Google Buffer Overflow +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in ext4_update_inline_data Syzbot found the following issue: EXT4-fs (loop0): mounted filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in their. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Apple Google WordPress +5
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Authentication Bypass +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame() The syzkaller reported an issue: KASAN: null-ptr-deref in range. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Google +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rethook: fix a potential memleak in rethook_alloc() In rethook_alloc(), the variable rh is not freed or passed out if handler is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf: Improve missing SIGTRAP checking To catch missing SIGTRAP we employ a WARN in __perf_event_overflow(), which fires if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tcp: cdg: allow tcp_cdg_release() to be called multiple times Apparently, mptcp is able to call tcp_disconnect() on an already. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: isofs: Prevent the use of too small fid syzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Google Buffer Overflow +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the limit validation It is not sufficient to directly validate the limit on the data that the user passes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Linux Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Buffer Overflow Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can lead to a spurious. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
EPSS 0% CVSS 8.1
HIGH This Week

The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google WordPress Authentication Bypass
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress CSRF +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Google SSRF
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS.5.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress Authentication Bypass +1
NVD
EPSS 0% CVSS 3.4
LOW POC Monitor

An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure V380 Pro +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave - Google Places Reviews allows Stored XSS.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bernd Altmeier Google Maps GPX Viewer allows Reflected XSS.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Google Authentication Bypass +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Os +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Buffer Overflow +4
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.*. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Drupal 8 Google Optimize Hide Page +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Vulnerability in Drupal Google Optimize.*. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Google Optimize +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Vulnerability in Drupal Google Maps: Store Locator.*. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Store Locator Project +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Amd +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: w1: fix NULL pointer dereference in probe The w1_uart_probe() function calls w1_uart_serdev_open() (which includes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Null Pointer Dereference Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Canonical +5
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google +1
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google +1
NVD
EPSS 1% CVSS 7.3
HIGH This Week

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Google +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Open Redirect Google +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google Microsoft +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
EPSS 6% CVSS 7.5
HIGH This Week

Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure +2
NVD
Prev Page 34 of 156 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy