Export limit exceeded: 344400 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 13878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13878 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6994 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header. | ||||
| CVE-2008-6512 | 1 Google | 1 Gears | 2025-04-09 | N/A |
| Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain. | ||||
| CVE-2008-5915 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2008-5749 | 2 Google, Microsoft | 2 Chrome, Windows Xp | 2025-04-09 | N/A |
| Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission. | ||||
| CVE-2008-4724 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4340 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. | ||||
| CVE-2008-3891 | 1 Google | 1 Google Apps | 2025-04-09 | N/A |
| The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | ||||
| CVE-2008-0986 | 1 Google | 1 Android Sdk | 2025-04-09 | N/A |
| Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field. | ||||
| CVE-2007-6536 | 1 Google | 1 Toolbar | 2025-04-09 | N/A |
| The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. | ||||
| CVE-2007-6452 | 1 Google | 1 Web Toolkit | 2025-04-09 | N/A |
| Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | ||||
| CVE-2007-6212 | 1 Google | 1 Kml | 2025-04-09 | N/A |
| Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter. | ||||
| CVE-2007-5255 | 1 Google | 1 Mini Search Appliance | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI. | ||||
| CVE-2009-3932 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state." | ||||
| CVE-2025-0444 | 1 Google | 1 Chrome | 2025-04-08 | 6.3 Medium |
| Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-0445 | 1 Google | 1 Chrome | 2025-04-08 | 5.4 Medium |
| Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-0451 | 1 Google | 1 Chrome | 2025-04-08 | 6.3 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2025-0997 | 1 Google | 1 Chrome | 2025-04-07 | 8.1 High |
| Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2025-1426 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-1006 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium) | ||||
| CVE-2025-0999 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||