Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/333178?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "type": "apk", "namespace": "alpine", "name": "qt6-qtwebengine", "version": "6.8.2-r3", "qualifiers": { "arch": "armv7", "distroversion": "v3.23", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "6.8.2-r4", "latest_non_vulnerable_version": "6.10.3-r3", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64556?format=api", "vulnerability_id": "VCID-3194-1n1h-efd2", "summary": "An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.434", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43448", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43458", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43434", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24201" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.apple.com/en-us/122281", "reference_id": "122281", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122281" }, { "reference_url": "https://support.apple.com/en-us/122283", "reference_id": "122283", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122283" }, { "reference_url": "https://support.apple.com/en-us/122284", "reference_id": "122284", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122284" }, { "reference_url": "https://support.apple.com/en-us/122285", "reference_id": "122285", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122285" }, { "reference_url": "https://support.apple.com/en-us/122345", "reference_id": "122345", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122345" }, { "reference_url": "https://support.apple.com/en-us/122346", "reference_id": "122346", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122346" }, { "reference_url": "https://support.apple.com/en-us/122372", "reference_id": "122372", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122372" }, { "reference_url": "https://support.apple.com/en-us/122376", "reference_id": "122376", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351802", "reference_id": "2351802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351802" }, { "reference_url": "https://security.gentoo.org/glsa/202511-02", "reference_id": "GLSA-202511-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10364", "reference_id": "RHSA-2025:10364", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10364" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2863", "reference_id": "RHSA-2025:2863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2864", "reference_id": "RHSA-2025:2864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2997", "reference_id": "RHSA-2025:2997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2998", "reference_id": "RHSA-2025:2998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3000", "reference_id": "RHSA-2025:3000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3001", "reference_id": "RHSA-2025:3001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3002", "reference_id": "RHSA-2025:3002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3005", "reference_id": "RHSA-2025:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3034", "reference_id": "RHSA-2025:3034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3034" }, { "reference_url": "https://usn.ubuntu.com/7395-1/", "reference_id": "USN-7395-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7395-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-24201" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3194-1n1h-efd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78038?format=api", "vulnerability_id": "VCID-518x-ten9-sfe3", "summary": "xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55549.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55549.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27809", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27946", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27894", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27857", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55549" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100565", "reference_id": "1100565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100565" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352484", "reference_id": "2352484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3613", "reference_id": "RHSA-2025:3613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3614", "reference_id": "RHSA-2025:3614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3615", "reference_id": "RHSA-2025:3615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3619", "reference_id": "RHSA-2025:3619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3624", "reference_id": "RHSA-2025:3624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3625", "reference_id": "RHSA-2025:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3626", "reference_id": "RHSA-2025:3626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3627", "reference_id": "RHSA-2025:3627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4025", "reference_id": "RHSA-2025:4025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4098", "reference_id": "RHSA-2025:4098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4427", "reference_id": "RHSA-2025:4427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4431", "reference_id": "RHSA-2025:4431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4731", "reference_id": "RHSA-2025:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7410", "reference_id": "RHSA-2025:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7496", "reference_id": "RHSA-2025:7496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8303", "reference_id": "RHSA-2025:8303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8303" }, { "reference_url": "https://usn.ubuntu.com/7357-1/", "reference_id": "USN-7357-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7357-1/" }, { "reference_url": "https://usn.ubuntu.com/7787-1/", "reference_id": "USN-7787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-55549" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-518x-ten9-sfe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64558?format=api", "vulnerability_id": "VCID-52g3-s35s-1kfd", "summary": "Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2783.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.4686", "scoring_system": "epss", "scoring_elements": "0.97735", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.4686", "scoring_system": "epss", "scoring_elements": "0.97733", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.4686", "scoring_system": "epss", "scoring_elements": "0.97734", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2783" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355557", "reference_id": "2355557", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355557" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/webapps/52403.txt", "reference_id": "CVE-2025-2783", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/webapps/52403.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-2783" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52g3-s35s-1kfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64275?format=api", "vulnerability_id": "VCID-784x-3s4y-yfhz", "summary": "Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20201", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20316", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20305", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20266", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0437" }, { "reference_url": "https://issues.chromium.org/issues/378623799", "reference_id": "378623799", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:01:35Z/" } ], "url": "https://issues.chromium.org/issues/378623799" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html", "reference_id": "stable-channel-update-for-desktop_14.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:01:35Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0437" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-784x-3s4y-yfhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64544?format=api", "vulnerability_id": "VCID-a52g-vk9a-qkfd", "summary": "Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10316", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10422", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10442", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.104", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1915" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1915", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1915" }, { "reference_url": "https://issues.chromium.org/issues/391114799", "reference_id": "391114799", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:23Z/" } ], "url": "https://issues.chromium.org/issues/391114799" }, { "reference_url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:23Z/" } ], "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-1915" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a52g-vk9a-qkfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64548?format=api", "vulnerability_id": "VCID-bf49-1ck1-5yb5", "summary": "Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71615", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71647", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71653", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71629", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1919" }, { "reference_url": "https://issues.chromium.org/issues/392375312", "reference_id": "392375312", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:13Z/" } ], "url": "https://issues.chromium.org/issues/392375312" }, { "reference_url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:13Z/" } ], "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-1919" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bf49-1ck1-5yb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78039?format=api", "vulnerability_id": "VCID-bt7a-eucw-gkbq", "summary": "numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24855.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25009", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25131", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25119", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25066", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24855" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100566", "reference_id": "1100566", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100566" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352483", "reference_id": "2352483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3107", "reference_id": "RHSA-2025:3107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3389", "reference_id": "RHSA-2025:3389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3528", "reference_id": "RHSA-2025:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3615", "reference_id": "RHSA-2025:3615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3619", "reference_id": "RHSA-2025:3619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3624", "reference_id": "RHSA-2025:3624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3625", "reference_id": "RHSA-2025:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3626", "reference_id": "RHSA-2025:3626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3627", "reference_id": "RHSA-2025:3627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4098", "reference_id": "RHSA-2025:4098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4427", "reference_id": "RHSA-2025:4427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4431", "reference_id": "RHSA-2025:4431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4731", "reference_id": "RHSA-2025:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7496", "reference_id": "RHSA-2025:7496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8303", "reference_id": "RHSA-2025:8303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8303" }, { "reference_url": "https://usn.ubuntu.com/7361-1/", "reference_id": "USN-7361-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7361-1/" }, { "reference_url": "https://usn.ubuntu.com/7787-1/", "reference_id": "USN-7787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-24855" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bt7a-eucw-gkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64281?format=api", "vulnerability_id": "VCID-cpvf-r1hd-fuft", "summary": "Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75386", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75405", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75408", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75399", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0443" }, { "reference_url": "https://issues.chromium.org/issues/376625003", "reference_id": "376625003", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:30:28Z/" } ], "url": "https://issues.chromium.org/issues/376625003" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html", "reference_id": "stable-channel-update-for-desktop_14.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:30:28Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0443" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpvf-r1hd-fuft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64564?format=api", "vulnerability_id": "VCID-cyc9-pwx3-afcn", "summary": "Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02524", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02592", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02595", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0254", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3071" }, { "reference_url": "https://issues.chromium.org/issues/40051596", "reference_id": "40051596", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T20:23:07Z/" } ], "url": "https://issues.chromium.org/issues/40051596" }, { "reference_url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T20:23:07Z/" } ], "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-3071" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyc9-pwx3-afcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/347875?format=api", "vulnerability_id": "VCID-e5yj-ducb-qfdj", "summary": "", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0998" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5yj-ducb-qfdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64554?format=api", "vulnerability_id": "VCID-g7zz-3cqc-r7fz", "summary": "Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57762", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57777", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57785", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57775", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2136" }, { "reference_url": "https://issues.chromium.org/issues/395032416", "reference_id": "395032416", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T04:00:34Z/" } ], "url": "https://issues.chromium.org/issues/395032416" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html", "reference_id": "stable-channel-update-for-desktop_10.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T04:00:34Z/" } ], "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-2136" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7zz-3cqc-r7fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64285?format=api", "vulnerability_id": "VCID-gf69-1xrn-z3hx", "summary": "Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75386", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75405", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75408", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75399", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0447" }, { "reference_url": "https://issues.chromium.org/issues/375550814", "reference_id": "375550814", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:26:16Z/" } ], "url": "https://issues.chromium.org/issues/375550814" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html", "reference_id": "stable-channel-update-for-desktop_14.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:26:16Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0447" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gf69-1xrn-z3hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64296?format=api", "vulnerability_id": "VCID-gvma-xgh1-vyfq", "summary": "Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59326", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.5935", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59353", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59345", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0762" }, { "reference_url": "https://issues.chromium.org/issues/384844003", "reference_id": "384844003", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-29T14:20:02Z/" } ], "url": "https://issues.chromium.org/issues/384844003" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html", "reference_id": "stable-channel-update-for-desktop_28.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-29T14:20:02Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0762" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvma-xgh1-vyfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64303?format=api", "vulnerability_id": "VCID-gyfz-x4y6-q3ck", "summary": "Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75577", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75598", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75601", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.7559", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0999" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0999", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0999" }, { "reference_url": "https://issues.chromium.org/issues/394350433", "reference_id": "394350433", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:05:30Z/" } ], "url": "https://issues.chromium.org/issues/394350433" }, { "reference_url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html", "reference_id": "stable-channel-update-for-desktop_18.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:05:30Z/" } ], "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0999" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyfz-x4y6-q3ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58417?format=api", "vulnerability_id": "VCID-jv7j-g928-gygt", "summary": "7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.44229", "scoring_system": "epss", "scoring_elements": "0.97622", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.44229", "scoring_system": "epss", "scoring_elements": "0.97624", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.44229", "scoring_system": "epss", "scoring_elements": "0.97623", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.44229", "scoring_system": "epss", "scoring_elements": "0.97625", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11477" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1532/", "reference_id": "ZDI-24-1532", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-30T04:55:53Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1532/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-11477" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jv7j-g928-gygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64568?format=api", "vulnerability_id": "VCID-k32f-bxt1-eqc8", "summary": "Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31617", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31721", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31688", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.3165", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3619" }, { "reference_url": "https://issues.chromium.org/issues/409619251", "reference_id": "409619251", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-17T13:38:46Z/" } ], "url": "https://issues.chromium.org/issues/409619251" }, { "reference_url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-17T13:38:46Z/" } ], "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-3619" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k32f-bxt1-eqc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64274?format=api", "vulnerability_id": "VCID-k8s4-aje7-47gk", "summary": "Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66742", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66765", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66772", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66758", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0436" }, { "reference_url": "https://issues.chromium.org/issues/382786791", "reference_id": "382786791", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:49:46Z/" } ], "url": "https://issues.chromium.org/issues/382786791" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html", "reference_id": "stable-channel-update-for-desktop_14.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:49:46Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0436" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8s4-aje7-47gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63892?format=api", "vulnerability_id": "VCID-mt59-p1kw-8udw", "summary": "Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67171", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67196", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67203", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67188", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12694" }, { "reference_url": "https://issues.chromium.org/issues/368222741", "reference_id": "368222741", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T04:55:46Z/" } ], "url": "https://issues.chromium.org/issues/368222741" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html", "reference_id": "stable-channel-update-for-desktop_18.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T04:55:46Z/" } ], "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-12694" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt59-p1kw-8udw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64547?format=api", "vulnerability_id": "VCID-q5tg-3vrn-ybgk", "summary": "Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71615", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71647", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71653", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71629", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1918" }, { "reference_url": "https://issues.chromium.org/issues/388557904", "reference_id": "388557904", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:12Z/" } ], "url": "https://issues.chromium.org/issues/388557904" }, { "reference_url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:12Z/" } ], "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-1918" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5tg-3vrn-ybgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64301?format=api", "vulnerability_id": "VCID-qtaa-hk3f-s3ff", "summary": "Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25358", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25477", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25416", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0996" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0996" }, { "reference_url": "https://issues.chromium.org/issues/391788835", "reference_id": "391788835", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:20Z/" } ], "url": "https://issues.chromium.org/issues/391788835" }, { "reference_url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html", "reference_id": "stable-channel-update-for-desktop_12.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:20Z/" } ], "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0996" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtaa-hk3f-s3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64550?format=api", "vulnerability_id": "VCID-r94b-j67a-nke5", "summary": "Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39903", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39955", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39958", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.3993", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1921" }, { "reference_url": "https://issues.chromium.org/issues/387583503", "reference_id": "387583503", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T14:23:59Z/" } ], "url": "https://issues.chromium.org/issues/387583503" }, { "reference_url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T14:23:59Z/" } ], "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-1921" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r94b-j67a-nke5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63891?format=api", "vulnerability_id": "VCID-tc51-r1mp-myhy", "summary": "Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.8555", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.85563", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.85568", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.85565", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12693" }, { "reference_url": "https://issues.chromium.org/issues/382190919", "reference_id": "382190919", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T04:55:44Z/" } ], "url": "https://issues.chromium.org/issues/382190919" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html", "reference_id": "stable-channel-update-for-desktop_18.html", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T04:55:44Z/" } ], "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-12693" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc51-r1mp-myhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64306?format=api", "vulnerability_id": "VCID-txfy-tq7t-t3fz", "summary": "Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1006", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00578", "scoring_system": "epss", "scoring_elements": "0.69253", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00578", "scoring_system": "epss", "scoring_elements": "0.69269", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00578", "scoring_system": "epss", "scoring_elements": "0.69278", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1006" }, { "reference_url": "https://issues.chromium.org/issues/390590778", "reference_id": "390590778", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:09:20Z/" } ], "url": "https://issues.chromium.org/issues/390590778" }, { "reference_url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html", "reference_id": "stable-channel-update-for-desktop_18.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:09:20Z/" } ], "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-1006" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txfy-tq7t-t3fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64538?format=api", "vulnerability_id": "VCID-u2mf-1wmy-eqhs", "summary": "Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.6046", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60485", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60488", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60477", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1426" }, { "reference_url": "https://issues.chromium.org/issues/383465163", "reference_id": "383465163", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:08:33Z/" } ], "url": "https://issues.chromium.org/issues/383465163" }, { "reference_url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html", "reference_id": "stable-channel-update-for-desktop_18.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:08:33Z/" } ], "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-1426" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2mf-1wmy-eqhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64293?format=api", "vulnerability_id": "VCID-xe6e-yjg8-s3fp", "summary": "Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.7088", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70903", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.7091", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70893", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0611" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0611", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0611" }, { "reference_url": "https://issues.chromium.org/issues/386143468", "reference_id": "386143468", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-22T20:02:12Z/" } ], "url": "https://issues.chromium.org/issues/386143468" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html", "reference_id": "stable-channel-update-for-desktop_22.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-22T20:02:12Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0611" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xe6e-yjg8-s3fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64276?format=api", "vulnerability_id": "VCID-xfq3-vetb-kqf2", "summary": "Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58297", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58315", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58323", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58312", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0438" }, { "reference_url": "https://issues.chromium.org/issues/384186539", "reference_id": "384186539", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:45:34Z/" } ], "url": "https://issues.chromium.org/issues/384186539" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html", "reference_id": "stable-channel-update-for-desktop_14.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:45:34Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0438" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfq3-vetb-kqf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64279?format=api", "vulnerability_id": "VCID-ycdj-tgds-jfd7", "summary": "Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22929", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23042", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23028", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22983", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0441" }, { "reference_url": "https://issues.chromium.org/issues/368628042", "reference_id": "368628042", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:36:52Z/" } ], "url": "https://issues.chromium.org/issues/368628042" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html", "reference_id": "stable-channel-update-for-desktop_14.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:36:52Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/333178?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2025-0441" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ycdj-tgds-jfd7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.2-r3%3Farch=armv7&distroversion=v3.23&reponame=community" }