cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1006,https://securityvulnerability.io/vulnerability/CVE-2025-1006,Use After Free Vulnerability in Google Chrome Network Module,"A use after free vulnerability was identified in the network module of Google Chrome prior to version 133.0.6943.126. This flaw can allow a remote attacker to exploit heap memory corruption issues through specially crafted web applications, potentially compromising system integrity or leading to an unexpected application state.",Google,Chrome,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-19T16:55:31.747Z,0
CVE-2025-1426,https://securityvulnerability.io/vulnerability/CVE-2025-1426,Heap Buffer Overflow Vulnerability in Google Chrome for Android,"A heap buffer overflow vulnerability has been identified in Google Chrome for Android, potentially allowing remote attackers to exploit heap corruption through a specifically crafted HTML page. This flaw can lead to significant security risks, enabling unauthorized access and manipulation of data.",Google,Chrome,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-19T16:55:31.252Z,0
CVE-2025-0999,https://securityvulnerability.io/vulnerability/CVE-2025-0999,Heap Buffer Overflow in Google Chrome by Google,"A significant security flaw was identified in the V8 engine within Google Chrome, where a heap buffer overflow could occur. This vulnerability enables remote attackers to manipulate heap memory through specially crafted HTML pages, potentially leading to heap corruption. Users of Google Chrome versions prior to 133.0.6943.126 are at risk and should ensure their browsers are updated to mitigate threats.",Google,Chrome,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-19T16:55:30.675Z,574
CVE-2025-0998,https://securityvulnerability.io/vulnerability/CVE-2025-0998,Out of Bounds Memory Access in Google Chrome by Google,"A vulnerability exists in Google Chrome due to out of bounds memory access in the V8 JavaScript engine. This flaw enables remote attackers to execute arbitrary code within a sandboxed environment by tricking users into loading specially crafted HTML pages, potentially leading to significant security breaches. Users are encouraged to update their browsers to mitigate the risks associated with this vulnerability.",Google,Chrome,9.6,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-15T01:17:26.235Z,0
CVE-2025-0997,https://securityvulnerability.io/vulnerability/CVE-2025-0997,Use After Free Vulnerability in Google Chrome Navigation,A use after free vulnerability has been identified in the Navigation component of Google Chrome versions prior to 133.0.6943.98. This flaw can be exploited by remote attackers to perform heap corruption through crafted Chrome Extensions. Users are urged to update their browsers to mitigate potential security threats associated with this vulnerability.,Google,Chrome,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-15T01:17:25.637Z,0
CVE-2025-0996,https://securityvulnerability.io/vulnerability/CVE-2025-0996,Browser UI Spoofing Vulnerability in Google Chrome for Android,"A vulnerability in the implementation of the Browser UI in Google Chrome for Android allows a malicious actor to spoof the Omnibox content through a specially crafted HTML page. This exploit could mislead users by displaying deceptive URLs, potentially facilitating phishing attacks. Users of Google Chrome on Android versions prior to 133.0.6943.98 are at risk and should consider updating to maintain security.",Google,Chrome,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-15T01:17:25.209Z,0
CVE-2025-0995,https://securityvulnerability.io/vulnerability/CVE-2025-0995,Use After Free Vulnerability in Google Chrome by Google,A use after free vulnerability in the V8 engine of Google Chrome allows remote attackers to exploit heap corruption by crafting malicious HTML pages. This flaw can lead to unauthorized actions within the browser and potentially compromise user security. Users of affected versions are advised to upgrade to the latest version to mitigate risks associated with this vulnerability.,Google,Chrome,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-15T01:17:24.705Z,216
CVE-2025-0982,https://securityvulnerability.io/vulnerability/CVE-2025-0982,JavaScript Task Sandbox Escape in Google Cloud Application Integration,"A sandbox escape vulnerability has been identified in the JavaScript Task feature of Google Cloud Application Integration. This flaw allows malicious actors to execute arbitrary unsandboxed code through crafted JavaScript, utilizing the Rhino engine. As of January 24, 2025, Google Cloud Application Integration will cease support for the Rhino engine, mitigating this issue. No further action is required for users in this respect.",Google Cloud,Application Integration,9.4,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-06T11:37:57.460Z,0
CVE-2025-0451,https://securityvulnerability.io/vulnerability/CVE-2025-0451,UI Spoofing Vulnerability in Google Chrome Extensions,"A vulnerability exists in Google Chrome's Extensions API that allows remote attackers to manipulate UI elements through crafted Chrome Extensions. By convincing a user to execute specific UI gestures, the attacker can display misleading information, potentially causing users to divulge sensitive information or interact with unintended interfaces. This flaw highlights the importance of user vigilance and the need for timely updates to protect against such exploits.",Google,Chrome,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-04T18:53:06.962Z,0
CVE-2025-0445,https://securityvulnerability.io/vulnerability/CVE-2025-0445,Use After Free Vulnerability in Google Chrome,"A use after free vulnerability has been identified in the V8 engine of Google Chrome, which allows remote attackers to exploit heap corruption. This can be triggered by a specially crafted HTML page, potentially leading to unauthorized actions or data exposure. The issue affects Google Chrome versions before 133.0.6943.53, highlighting the importance of keeping your browser updated to enhance security and protect against potential threats.",Google,Chrome,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-04T18:53:06.689Z,174
CVE-2025-0444,https://securityvulnerability.io/vulnerability/CVE-2025-0444,Use After Free Vulnerability in Google Chrome,"A use after free vulnerability exists in the Skia graphics library within Google Chrome prior to version 133.0.6943.53. This flaw can potentially allow a remote attacker to exploit heap corruption through a specially crafted HTML page, leading to unauthorized actions or compromise of system integrity. Users are advised to update to the latest version to mitigate this risk.",Google,Chrome,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-04T18:53:06.437Z,126
CVE-2025-24959,https://securityvulnerability.io/vulnerability/CVE-2025-24959,Arbitrary Command Execution Vulnerability in zx Tool by Google,"The zx tool, widely used for scripting, has a vulnerability that allows an attacker to manipulate environment variable values, potentially leading to arbitrary command execution. This occurs when applications process untrusted input through `dotenv.stringify`, making them susceptible to unexpected behavior if they rely on environment variables for critical security functions. Users are encouraged to upgrade to version 8.3.2 to address this issue. For those unable to upgrade, it is crucial to sanitize user-controlled values carefully, avoiding characters like double quotes, single quotes, and backticks, or to enforce strict validation on environment variables prior to use.",Google,Zx,1,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-03T20:48:16.507Z,0
CVE-2024-10604,https://securityvulnerability.io/vulnerability/CVE-2024-10604,Network Protocol Vulnerability in Fuchsia by Google,"The vulnerability in Fuchsia relates to the algorithms that generate key network protocol header fields including TCP Initial Sequence Numbers (ISN), TCP timestamps, source ports for both TCP and UDP, and the fragment IDs for IPv4 and IPv6. Due to weaknesses in these algorithms, it is possible for an attacker to predict these values under specific conditions. This can lead to various security risks, including session hijacking and unauthorized access to sensitive data, making it essential for users and systems relying on Fuchsia to assess and implement necessary security measures.",Google,Fuchsia,6.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T19:17:10.012Z,0
CVE-2024-10603,https://securityvulnerability.io/vulnerability/CVE-2024-10603,Weakness in TCP/UDP Source Port Generation in Google's gVisor,"Google's gVisor has a vulnerability related to the generation of TCP and UDP source ports, where these values can be predicted by an external attacker under certain conditions. This weakness could enable attackers to exploit the affected systems, raising concerns about the security posture of applications utilizing gVisor for container isolation. Addressing this flaw is essential to ensuring the integrity and confidentiality of network communications.",Google,Gvisor,6.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-30T19:14:38.619Z,0
CVE-2024-10026,https://securityvulnerability.io/vulnerability/CVE-2024-10026,Weak Hashing Algorithm in Google gVisor Exposes Device Tracking Risks,"A vulnerability in Google's gVisor arises from the use of a weak hashing algorithm combined with small sizes of seeds and secrets. This flaw allows remote attackers to potentially calculate a local IP address and generate a per-boot identifier, which can be exploited to track devices under specific conditions. As a result, the integrity and privacy of user sessions may be compromised, highlighting the need for enhanced security measures in gVisor's design.",Google,Gvisor,6.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-30T19:12:27.994Z,0
CVE-2025-0762,https://securityvulnerability.io/vulnerability/CVE-2025-0762,Use After Free Vulnerability in Google Chrome DevTools,"A use after free vulnerability in the DevTools of Google Chrome allows remote attackers to exploit heap corruption through a specially crafted Chrome Extension. This issue affects versions prior to 132.0.6834.159, potentially allowing an attacker to manipulate memory and execute arbitrary code. Users are advised to upgrade to the latest version to mitigate this security risk.",Google,Chrome,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-29T10:33:45.673Z,0
CVE-2024-40677,https://securityvulnerability.io/vulnerability/CVE-2024-40677,Privilege Escalation Vulnerability in Android Settings Application,"A vulnerability exists in the Android Settings application that allows for potential bypass of factory reset protections due to a missing permission check in the shouldSkipForInitialSUW function of AdvancedPowerUsageDetail.java. This flaw could enable an attacker to escalate privileges locally without the need for user interaction, making it a significant concern for device security.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:41.402Z,0
CVE-2024-40676,https://securityvulnerability.io/vulnerability/CVE-2024-40676,Intent Security Bypass in Android Account Manager by Google,"A vulnerability in the checkKeyIntent method of the AccountManagerService.java code allows for the bypass of intent security checks. This flaw could enable the installation of unauthorized applications through a confused deputy attack, resulting in local privilege escalation. Notably, the exploit does not require user interaction, which heightens the risk of unauthorized access to sensitive functionalities within the affected Android ecosystem.",Google,Android,7.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:41.279Z,0
CVE-2024-40675,https://securityvulnerability.io/vulnerability/CVE-2024-40675,Infinite Loop Vulnerability in Intent.java of Android Framework,"A vulnerability exists in the parseUriInternal function of the Intent.java component of the Android framework. This flaw arises from insufficient input validation, potentially leading to an infinite loop. Exploitation of this vulnerability could result in a local denial of service situation, allowing an attacker to disrupt device functionality without needing any additional execution privileges. Importantly, user interaction is not required for the exploitation of this weakness.",Google,Android,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:41.191Z,0
CVE-2024-40674,https://securityvulnerability.io/vulnerability/CVE-2024-40674,Logic Error in Android WiFi Configuration Leading to Denial of Service,"A logic error in the function validateSsid of WifiConfigurationUtil.java allows for a potential overflow in a system configuration file. This flaw can lead to a local denial of service, enabling an attacker to affect the device's WiFi functionality without requiring any additional execution privileges or user interaction. Given this scenario, corrective measures should be undertaken to patch the vulnerability.",Google,Android,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:41.052Z,0
CVE-2024-40673,https://securityvulnerability.io/vulnerability/CVE-2024-40673,Arbitrary Code Execution Vulnerability in Android Due to Input Validation Flaw,"The vulnerability in Android's ZipFile.java allows attackers to exploit improper input validation during Dynamic Code Loading. By manipulating this aspect, an attacker can execute arbitrary code without needing additional privileges or user interaction. This flaw poses a significant risk as it enables potential remote code execution, compromising system integrity and security.",Google,Android,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.927Z,0
CVE-2024-40672,https://securityvulnerability.io/vulnerability/CVE-2024-40672,Local Privilege Escalation Vulnerability in Android Intent Resolver,"A vulnerability exists within the Android Intent Resolver that may allow a local attacker to bypass factory reset protections due to a missing permission check in the ChooserActivity. This flaw enables an elevation of privileges without requiring additional execution privileges or user interaction, posing a significant risk to device security.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.821Z,0
CVE-2024-40670,https://securityvulnerability.io/vulnerability/CVE-2024-40670,Use After Free Vulnerability in Android,"A vulnerability exists in Android OS allowing for a use after free condition, caused by a race condition within the system. This flaw can be exploited to escalate privileges locally without the need for additional execution privileges, raising significant security concerns. No user interaction is necessary for an attacker to exploit this vulnerability, making it particularly dangerous.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.727Z,0
CVE-2024-40669,https://securityvulnerability.io/vulnerability/CVE-2024-40669,Race Condition Vulnerability in Android Products by Google,"A race condition vulnerability exists in Android products by Google, which allows a use after free condition. This flaw could facilitate local escalation of privileges without requiring additional execution permissions. The exploitation of this vulnerability can occur without user interaction, posing a significant threat to user security and application integrity.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.607Z,0
CVE-2024-40651,https://securityvulnerability.io/vulnerability/CVE-2024-40651,Use-After-Free Vulnerability in Android Kernel,"This vulnerability presents a use-after-free issue in the Android kernel, stemming from a logic error in the code. It allows local escalation of privilege, meaning that an attacker can exploit this flaw without needing additional execution privileges or user interaction. This can lead to significant risks if not promptly addressed.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.514Z,0