20 matches found
Astra Linux - vulnerability in thunderbird, firefox
A poorly handled security check during the creation of a WebSocket in a WebWorker caused the Content Security Policy’s connect-src header to be ignored. This could lead to connections being made to restricted origins from within WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102....
Astra Linux - vulnerability in firefox
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140...
CVE-2026-33525
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In version 4.39.15, an attacker may potentially be able to inject JavaScript into the Authelia login page if several conditions are met...
EUVD-2025-21379
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-6427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-15499)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox: the connect-src directive can be bypassed, which attackers can exploit to bypass security restrictions...
Security Vulnerabilities fixed in Thunderbird 140 — Mozilla
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...
CVE-2025-6427
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox 140 and Thunderbird 140...
CVE-2025-6427
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox 140 and Thunderbird 140...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox: the connect-src directive can be bypassed, which attackers can exploit to bypass security restrictions...
Security Vulnerabilities fixed in Firefox 140 — Mozilla
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...
OESA-2024-2057 mozjs78 security update
SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
UBUNTU-CVE-2023-23602
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...