CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5824 matches found

Cvelist•added 2025/10/14 12:27 p.m.•5 views

CVE-2025-11719 Use-after-free caused by the native messaging web extension API on Windows

Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

0.00323EPSS

Exploits0References3

Snyk•added 2025/10/14 4:45 a.m.•6 views

Malicious Package

Overview optional-native-module-xyz is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score

Exploits0References2

Mozilla•added 2025/10/14 12:0 a.m.•7 views

Security Vulnerabilities fixed in Firefox 144 — Mozilla

Use-after-free in MediaTrackGraphImpl::GetInstance A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to...

9.8CVSS7.1AI score0.00465EPSS

Exploits0References15Affected Software1

Positive Technologies•added 2025/10/14 12:0 a.m.•3 views

PT-2025-41907

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 144 Thunderbird versions prior to 144 Description A flaw exists in Firefox and Thunderbird where the use of the native messaging API by web extensions on Windows may result in crashes due to use-after-free memory...

10CVSS6.6AI score0.00465EPSS

Exploits0References30

Kaspersky•added 2025/10/14 12:0 a.m.•3 views

KLA89242 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attack. Below is a complete list of...

9.8CVSS7.8AI score0.00465EPSS

Exploits0References3

EUVD•added 2025/10/08 6:25 p.m.•3 views

EUVD-2025-33320

Malicious code in optional-native-module-abc npm...

6.6AI score

Exploits0

OSSF Malicious Packages•added 2025/10/08 6:18 p.m.•3 views

Malicious code in optional-native-module-abc (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ae21c7e7ad399a3a2a3bf0b58502513f2aa7d40e23bb801a75dd10e871bbf04 Any computer that has this package installed or running should be considered...

6.8AI score

Exploits0References1