Security Vulnerabilities - CVEs Published In April 2025
A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.
CVSS Score
8.6
EPSS Score
0.007
Published
2025-04-02
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)
CVSS Score
8.6
EPSS Score
0.002
Published
2025-04-02
Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
8.8
EPSS Score
0.002
Published
2025-04-02
Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
8.8
EPSS Score
0.002
Published
2025-04-02
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
6.5
EPSS Score
0.003
Published
2025-04-02
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
5.4
EPSS Score
0.0
Published
2025-04-02
Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
5.4
EPSS Score
0.002
Published
2025-04-02
Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
5.4
EPSS Score
0.002
Published
2025-04-02
Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
5.4
EPSS Score
0.002
Published
2025-04-02
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution
CVSS Score
4.7
EPSS Score
0.017
Published
2025-04-02