Skip to main content

Google

13978 CVEs vendor

Monthly

CVE-2025-20662 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Mt9972 +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20661 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Mt9972 +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20660 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20658 MEDIUM This Month

In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Mt2718 +18
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20657 MEDIUM This Month

In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20656 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +19
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-20655 MEDIUM This Month

In keymaster, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android Mt9972 Google
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-32138 MEDIUM This Month

Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection.11.17. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Google
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2025-29815 HIGH This Week

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Microsoft +2
NVD
CVSS 3.1
7.6
EPSS
1.0%
CVE-2025-25001 MEDIUM This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google XSS Edge Chrome
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2025-25000 HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass Google Edge Chromium +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-47215 HIGH PATCH This Week

An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Snowbridge
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-31127 MEDIUM This Month

Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-3074 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3073 MEDIUM PATCH This Month

Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3072 MEDIUM PATCH This Month

Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3071 MEDIUM PATCH This Month

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-3070 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-3069 HIGH PATCH This Week

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-3068 HIGH PATCH This Week

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Android Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-3067 HIGH PATCH This Week

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Android Suse
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-3066 HIGH PATCH This Week

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-25041 MEDIUM This Month

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Aruba Information Disclosure Android +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21969 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Google +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21948 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: appleir: Fix potential NULL dereference at raw event handle Syzkaller reports a NULL pointer dereference issue in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21910 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue [1] that occurs when erroneous symbols. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31775 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in smackcoders Google SEO Pressor Snippet allows Cross Site Request Forgery.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30614 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haozhe Xie Google Font Fix allows Reflected XSS.3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31683 PHP MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.0.0 before 1.8.0, from 2.0.0 before 2.0.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google CSRF Google Tag Drupal
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-31682 PHP MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS).0.0 before 1.8.0, from 2.0.0 before 2.0.8. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS Google Tag Drupal
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2025-31613 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31530 MEDIUM This Month

Missing Authorization vulnerability in smackcoders Google SEO Pressor Snippet allows Exploiting Incorrectly Configured Access Control Security Levels.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2713 MEDIUM PATCH This Month

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Google Privilege Escalation Gvisor
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-2074 MEDIUM This Month

The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Google WordPress SQLi PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-53028 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Canonical Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-53021 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: fix possible use-after-free syzbot reported a nasty crash [1] in net_tx_action() which made little sense. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Google Denial Of Service +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-52986 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener A listening socket linked to a sockmap has its sk_prot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-52933 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Google Buffer Overflow Linux Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-49738 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive() syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Google Buffer Overflow Linux Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22497 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A.H.C. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22667 MEDIUM This Month

Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.8.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-21875 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-2857 CRITICAL PATCH Act Now

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Mozilla Chrome
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-30863 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms allows Cross Site Request Forgery.0.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30799 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup WP Google Street View allows Stored XSS.1.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30783 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider allows SQL Injection.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google SQLi CSRF
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-2783 HIGH POC KEV PATCH THREAT Act Now

Google Chrome on Windows contains a Mojo IPC handle validation flaw enabling sandbox escape through a malicious file, exploited in targeted attacks against Russian organizations in March 2025.

Microsoft Google Information Disclosure Chrome Windows +1
NVD Exploit-DB
CVSS 3.1
8.3
EPSS
35.6%
CVE-2025-28939 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WP Google Calendar Manager allows Blind SQL Injection.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-28928 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Are you robot google recaptcha for wordpress allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23964 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Google Plus allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23466 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsiteeditor Site Editor Google Map allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13863 HIGH POC This Week

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Stylish Google Sheet Reader
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-1558 MEDIUM This Month

Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Mattermost Mobile Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30609 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts - WordPress to Mobile App - WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-29806 MEDIUM This Month

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass Google Edge Chromium +1
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2025-29795 HIGH This Month

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Edge Update Chrome
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-25758 HIGH POC This Week

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Kukufm Android
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0454 HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF Autogpt Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-9095 CRITICAL POC PATCH Act Now

In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Information Disclosure Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-8999 HIGH POC PATCH This Week

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-12450 CRITICAL POC PATCH Act Now

In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF RCE Ragflow Chrome
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-0245 MEDIUM This Month

A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2025-30259 LOW Monitor

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-2476 HIGH PATCH Act Now

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.4% and no vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
16.4%
CVE-2025-30113 CRITICAL Act Now

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Dr 820 Firmware Android
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-2356 MEDIUM This Month

A vulnerability was found in BlackVue App 3.65 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-2355 MEDIUM This Month

A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-2342 MEDIUM This Month

A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27606 MEDIUM PATCH This Month

Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Element Android
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-1507 MEDIUM PATCH This Month

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google WordPress Authentication Bypass Dashboard For Google Analytics PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-8402 LOW POC Monitor

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated low severity (CVSS 3.7). Public exploit code available and no vendor patch available.

Command Injection Gitlab Google
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-0117 HIGH This Week

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Paloalto Google Privilege Escalation Microsoft +4
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-21853 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-28920 MEDIUM This Month

Missing Authorization vulnerability in Jogesh Responsive Google Map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through 3.1.5. [CVSS 5.3 MEDIUM]

Authentication Bypass Google
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-28860 HIGH This Week

Cross-Site Request Forgery (CSRF) in the Google News Editors Picks Feed Generator WordPress plugin (versions ≤2.1) enables attackers to chain exploitation into Stored XSS, allowing malicious scripts to persist in the site database and execute in administrator or user browsers. The attack requires tricking an authenticated administrator into visiting a malicious site or clicking a crafted link (UI:R). EPSS score is very low (0.05%, 14th percentile), indicating minimal real-world exploitation observed. No CISA KEV listing and no public POC identified at time of analysis.

XSS CSRF Google
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-2137 HIGH PATCH This Week

Out of bounds read in V8 in Google Chrome versions up to 134.0.6998.88 is affected by out-of-bounds read (CVSS 8.8).

Chrome Suse Google
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-2136 HIGH PATCH This Week

Use after free in Inspector in Google Chrome versions up to 134.0.6998.88 is affected by use after free (CVSS 8.8).

Chrome Suse Google
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-2135 HIGH PATCH This Week

Type Confusion in V8 in Google Chrome versions up to 134.0.6998.88 is affected by access of resource using incompatible type (type confusion) (CVSS 8.8).

Chrome Suse Google
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-1920 HIGH PATCH This Week

Type Confusion in V8 in Google Chrome versions up to 134.0.6998.88 is affected by access of resource using incompatible type (type confusion) (CVSS 8.8).

Chrome Suse Google
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-11087 HIGH This Week

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google WordPress Authentication Bypass Social Login
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-27839 LOW Monitor

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
3.2
EPSS
0.1%
CVE-2025-26643 MEDIUM This Month

The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Authentication Bypass Edge Chromium Chrome
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-1121 MEDIUM This Month

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Os Chrome
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-1923 MEDIUM PATCH This Month

Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1922 MEDIUM PATCH This Month

Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1921 MEDIUM PATCH This Month

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1919 HIGH PATCH This Week

Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-1918 HIGH PATCH This Week

Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-1917 MEDIUM PATCH This Month

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Android Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1916 HIGH PATCH This Week

Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
EPSS 0% CVSS 6.7
MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +20
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +21
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In keymaster, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android +2
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection.11.17. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Google
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +4
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google XSS +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Snowbridge
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +2
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Aruba +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: appleir: Fix potential NULL dereference at raw event handle Syzkaller reports a NULL pointer dereference issue in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue [1] that occurs when erroneous symbols. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in smackcoders Google SEO Pressor Snippet allows Cross Site Request Forgery.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haozhe Xie Google Font Fix allows Reflected XSS.3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.0.0 before 1.8.0, from 2.0.0 before 2.0.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google CSRF Google Tag +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS).0.0 before 1.8.0, from 2.0.0 before 2.0.8. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS Google Tag +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in smackcoders Google SEO Pressor Snippet allows Exploiting Incorrectly Configured Access Control Security Levels.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Google Privilege Escalation Gvisor
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Google WordPress SQLi +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: fix possible use-after-free syzbot reported a nasty crash [1] in net_tx_action() which made little sense. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener A listening socket linked to a sockmap has its sk_prot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Google Buffer Overflow +4
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive() syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Google Buffer Overflow +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A.H.C. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Google XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.8.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms allows Cross Site Request Forgery.0.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup WP Google Street View allows Stored XSS.1.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider allows SQL Injection.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google SQLi CSRF
NVD
EPSS 36% CVSS 8.3
HIGH POC KEV PATCH THREAT Act Now

Google Chrome on Windows contains a Mojo IPC handle validation flaw enabling sandbox escape through a malicious file, exploited in targeted attacks against Russian organizations in March 2025.

Microsoft Google Information Disclosure +3
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WP Google Calendar Manager allows Blind SQL Injection.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Are you robot google recaptcha for wordpress allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Google Plus allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsiteeditor Site Editor Google Map allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS +1
NVD WPScan
EPSS 0% CVSS 6.5
MEDIUM This Month

Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Mattermost Mobile +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts - WordPress to Mobile App - WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google WordPress +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass +3
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Kukufm +1
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF Autogpt Platform
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Information Disclosure Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Lunary
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF RCE +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 16% CVSS 8.8
HIGH PATCH Act Now

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.4% and no vendor patch available.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Dr 820 Firmware +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability was found in BlackVue App 3.65 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Element +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google WordPress Authentication Bypass +2
NVD
EPSS 0% CVSS 3.7
LOW POC Monitor

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated low severity (CVSS 3.7). Public exploit code available and no vendor patch available.

Command Injection Gitlab Google
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Paloalto Google +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing Authorization vulnerability in Jogesh Responsive Google Map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through 3.1.5. [CVSS 5.3 MEDIUM]

Authentication Bypass Google
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) in the Google News Editors Picks Feed Generator WordPress plugin (versions ≤2.1) enables attackers to chain exploitation into Stored XSS, allowing malicious scripts to persist in the site database and execute in administrator or user browsers. The attack requires tricking an authenticated administrator into visiting a malicious site or clicking a crafted link (UI:R). EPSS score is very low (0.05%, 14th percentile), indicating minimal real-world exploitation observed. No CISA KEV listing and no public POC identified at time of analysis.

XSS CSRF Google
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds read in V8 in Google Chrome versions up to 134.0.6998.88 is affected by out-of-bounds read (CVSS 8.8).

Chrome Suse Google
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Inspector in Google Chrome versions up to 134.0.6998.88 is affected by use after free (CVSS 8.8).

Chrome Suse Google
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type Confusion in V8 in Google Chrome versions up to 134.0.6998.88 is affected by access of resource using incompatible type (type confusion) (CVSS 8.8).

Chrome Suse Google
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type Confusion in V8 in Google Chrome versions up to 134.0.6998.88 is affected by access of resource using incompatible type (type confusion) (CVSS 8.8).

Chrome Suse Google
NVD
EPSS 0% CVSS 8.1
HIGH This Week

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google WordPress Authentication Bypass +1
NVD
EPSS 0% CVSS 3.2
LOW Monitor

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Authentication Bypass +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Os +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +3
NVD
Prev Page 35 of 156 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy