
17049 matches found

Positive Technologies
added 2025/12/10 12:0 a.m. | 8 views

PT-2025-50358

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 6.4.0 and earlier. Description: The Jenkins Git client Plugin does not properly escape the path to the workspace directory when creating a temporary shell script. This allows attackers who can control the...

CVSS 5 | AI score 7.1 | EPSS 0.00179
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/10 12:0 a.m. | 4 views

Mozilla Thunderbird < 140.6

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-96 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146, Firefox ESR...

CVSS 9.8 | AI score 8.6 | EPSS 0.00498
Exploits: 2 | References: 11

CNVD
added 2025/12/10 12:0 a.m. | 82 views

Apache HTTP Server Security Bypass Vulnerability (CNVD-2025-3083394)

Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be expanded through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...

CVSS 6.5 | AI score 6.8 | EPSS 0.00758
Exploits: 0 | References: 1

EUVD
added 2025/12/09 6:30 p.m. | 5 views

EUVD-2025-202164

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox 146, Firefox ESR 115.31, and Firefox ESR 140.6...

CVSS 8 | AI score 5.9 | EPSS 0.00276
Exploits: 0 | References: 5

NVD
added 2025/12/09 4:17 p.m. | 4 views

CVE-2025-14322

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVSS 8 | EPSS 0.00276
Exploits: 0 | References: 6

OSV
added 2025/12/09 4:17 p.m. | 3 views

CVE-2025-14322

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVSS 8 | AI score 5.8
Exploits: 0 | References: 6

OSV
added 2025/12/09 4:17 p.m. | 2 views

UBUNTU-CVE-2025-14322

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVSS 8 | AI score 7.2 | EPSS 0.00276
Exploits: 0 | References: 9

ATTACKERKB
added 2025/12/09 1:37 p.m. | 2 views

CVE-2025-14322

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVSS 8 | AI score 7.2 | EPSS 0.00276
Exploits: 0 | References: 7

Vulnrichment
added 2025/12/09 1:37 p.m. | 2 views

CVE-2025-14322 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

AI score 7.2 | EPSS 0.00276
Exploits: 0 | References: 6

CVE
added 2025/12/09 1:37 p.m. | 26 views

CVE-2025-14322

CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. Affected software: Firefox versions before 146 and ESR before 115.31 and 140.6. The issue is described across multiple advisories (ALAS2023-2025-1337, ALAS2FIREFOX-2025-049, ALSA-2025:23128...

CVSS 8 | AI score 7.2 | EPSS 0.00276
Exploits: 0 | References: 6 | Affected Software: 2

Cvelist
added 2025/12/09 1:37 p.m. | 27 views

CVE-2025-14322 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

EPSS 0.00276
Exploits: 0 | References: 6

Debian CVE
added 2025/12/09 1:37 p.m. | 3 views

CVE-2025-14322

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVSS 8 | AI score 7.7 | EPSS 0.00276
Exploits: 0

AlpineLinux
added 2025/12/09 1:37 p.m. | 1 views

CVE-2025-14322

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVSS 8 | AI score 7.2 | EPSS 0.00276
Exploits: 0 | References: 6

GithubExploit
added 2025/12/09 11:46 a.m. | 208 views

Exploit for CVE-2025-9074

CVE-2025-9074: Docker Desktop Container Escape PoC...

CVSS 9.3 | AI score 7.1 | EPSS 0.01594
Exploits: 15

OSV
added 2025/12/09 11:38 a.m. | 4 views

BIT-APACHE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

CVSS 8.3 | AI score 6.8 | EPSS 0.015
Exploits: 0 | References: 3

Cvelist
added 2025/12/09 3:35 a.m. | 28 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

CVSS 6.9 | EPSS 0.00349
Exploits: 0 | References: 2

CVE
added 2025/12/09 3:35 a.m. | 22 views

CVE-2025-67487

The CVE refers to Static Web Server (SWS) where versions 2.40.0 and earlier fail to properly constrain symbolic links, allowing path traversal to files/directories outside the web root via URL or directory listings. Root cause: symlinks escaping the server’s root due to inadequate checks. Impact:...

CVSS 8.6 | AI score 6.3 | EPSS 0.00349
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/12/09 3:35 a.m. | 5 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

CVSS 6.9 | AI score 6.7 | EPSS 0.00349
Exploits: 0 | References: 4

CNNVD
added 2025/12/09 12:0 a.m. | 3 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 146, Firefox ESR versions prior to 115.31, and versions prior to 140.6, which stems from improper handling of boundary conditions in...

CVSS 8 | AI score 6.2 | EPSS 0.00276
Exploits: 0 | References: 6

Tenable Nessus
added 2025/12/09 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: aide (UTSA-2025-991101)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991101 advisory. AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft...

CVSS 6.2 | AI score 7.4 | EPSS 0.0021
Exploits: 1 | References: 4