CVE-2025-4052

CRITICAL Year: 2025
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-838
View all →

Vulnerability Description

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

Related Vulnerabilities

CVE-2019-18981

CRITICAL
CVSS:9.8(Critical)

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

CWE-8382019

CVE-2019-18981

CRITICAL
CVSS:9.8(Critical)

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

CWE-8382019

CVE-2018-9862

HIGH
CVSS:7.8(High)

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issu...

CWE-8382018

CVE-2024-11702

HIGH
CVSS:7.5(High)

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects F...

CWE-8382024

CVE-2019-6110

MEDIUM
CVSS:6.8(Medium)

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI co...

CWE-8382019

CVE-2023-6512

MEDIUM
CVSS:6.5(Medium)

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML p...

CWE-8382023