3319 matches found

CVE
added 2025/05/20 5:37 p.m. · 26 views

CVE-2025-47850

CVE-2025-47850 affects JetBrains YouTrack prior to 2025.1.74704, where restricted attachments could become visible after cloning an issue. The linked PT-security note specifies versions prior to 2025.1.74704 as affected and recommends upgrading to 2025.1.74704 or newer to resolve the issue. The N...

CVSS 5.3 · AI score 7 · EPSS 0.00002
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/05/20 5:37 p.m. · 3 views

CVE-2025-47850

In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning...

CVSS 4.3 · AI score 4.7 · EPSS 0.00002
Exploits 0 · References 1

Cvelist
added 2025/05/20 5:37 p.m. · 7 views

CVE-2025-47850

In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning...

CVSS 4.3 · EPSS 0.00002
Exploits 0 · References 1

Positive Technologies
added 2025/05/20 12:0 a.m. · 3 views

PT-2025-22279 · Jetbrains · Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2025.1.74704

Description: The issue concerns restricted attachments becoming visible after issue cloning.

Recommendations: For versions prior to 2025.1.74704, update to version 2025.1.74704 or later to...

CVSS 4.3 · AI score 6.4 · EPSS 0.00002
Exploits 0 · References 6

CNNVD
added 2025/05/20 12:0 a.m. · 1 views

JetBrains YouTrack access control error vulnerability

JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from an Access Control Error vulnerability that stems from the disclosure of restricted attachments during a cloning issue, which can be exploited by...

CVSS 5.3 · AI score 6.3 · EPSS 0.00002
Exploits 0 · References 1

CNNVD
added 2025/05/20 12:0 a.m. · 1 views

Part-DB code injection vulnerability

Part-DB is an open source web-based database from Part-DB for managing electronic components. A code injection vulnerability exists in Part-DB 1.17.0 and earlier versions, which stems from the improper handling of the parameter attachment in the file...

CVSS 5.1 · AI score 4.7 · EPSS 0.00185
Exploits 0 · References 6

NVD
added 2025/05/17 12:15 p.m. · 18 views

CVE-2024-13613

The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which c...

CVSS 7.5 · EPSS 0.00372
Exploits 0 · References 4

CVE
added 2025/05/16 2:31 p.m. · 43 views

CVE-2025-47793

The CVE-2025-47793 issue affects Nextcloud Server and the Groupfolders app where, due to missing quota enforcement on attachments, logged-in users could upload files that exceed the group folder quota. Affected versions and fixes are: Nextcloud Server: before 30.0.2, 29.0.9, 28.0.1 Nextcloud Ente...

CVSS 6.5 · AI score 4.6 · EPSS 0.00284
Exploits 0 · References 4 · Affected Software 2

RedHat Linux
added 2025/05/15 1:5 p.m. · 7 views

xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...

CVSS 7.4 · AI score 5.8 · EPSS 0.00045
Exploits 1 · References 5

AlpineLinux
added 2025/05/14 5:15 p.m. · 2 views

CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

CVSS 6.5 · AI score 7.1 · EPSS 0.00422
Exploits 0 · References 4

OSV
added 2025/05/14 5:15 p.m. · 1 views

DEBIAN-CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

CVSS 8.1 · AI score 7.2 · EPSS 0.00422
Exploits 0 · References 1

OSV
added 2025/05/14 5:15 p.m. · 7 views

CVE-2025-3932

It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web...

CVSS 6.5 · AI score 6.4
Exploits 0 · References 4

OSV
added 2025/05/14 5:15 p.m. · 0 views

UBUNTU-CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

CVSS 8.1 · AI score 7.1 · EPSS 0.00422
Exploits 0 · References 7

Cvelist
added 2025/05/14 4:56 p.m. · 12 views

CVE-2025-3909 JavaScript Execution via Spoofed PDF Attachment and file:/// Link

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

EPSS 0.00422
Exploits 0 · References 3

CNNVD
added 2025/05/14 12:0 a.m. · 1 views

Mozilla Thunderbird security vulnerability

Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation in the United States that is separate from the Mozilla Application Suite. The software supports the IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla...

CVSS 6.5 · AI score 6.9 · EPSS 0.00281
Exploits 0 · References 4

RedHat Linux
added 2025/05/13 2:1 p.m. · 4 views

thunderbird: User Interface (UI) Misrepresentation of attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...

CVSS 6.4 · AI score 6.5 · EPSS 0.00106
Exploits 0 · References 7

RedHat Linux
added 2025/05/07 8:33 a.m. · 3 views

thunderbird: User Interface (UI) Misrepresentation of attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...

CVSS 6.4 · AI score 6.5 · EPSS 0.00106
Exploits 0 · References 7

RedHat Linux
added 2025/05/07 5:58 a.m. · 3 views

thunderbird: Leak of hashed Windows credentials via crafted attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to...

CVSS 6.3 · AI score 6.6 · EPSS 0.001
Exploits 0 · References 7

RedHat Linux
added 2025/05/07 5:58 a.m. · 4 views

thunderbird: User Interface (UI) Misrepresentation of attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...

CVSS 6.4 · AI score 6.5 · EPSS 0.00106
Exploits 0 · References 7

RedHat Linux
added 2025/05/06 7:58 a.m. · 2 views

thunderbird: Information Disclosure of /tmp directory listing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edit...

CVSS 6.3 · AI score 6.4 · EPSS 0.00099
Exploits 0 · References 7