2569 matches found

CVE
added 2025/12/03 6:34 p.m. | 13 views

CVE-2025-66222

DeepChat (0.5.0 and earlier) is affected by a Stored XSS in the Mermaid diagram renderer, exploitable via the Electron IPC bridge to escalate to RCE by starting a malicious MCP server. Affected product/version: DeepChat prior to 0.5.0. Root cause: XSS within Mermaid rendering allows arbitrary Jav...

CVSS 9.6 | AI score 5.2 | EPSS 0.00509
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/12/03 12:0 a.m. | 4 views

PT-2025-48981

Name of the Vulnerable Software and Affected Versions: DeepChat versions prior to 0.5.0. Description: DeepChat, an AI smart assistant, contains a Stored Cross-Site Scripting (XSS) issue within the Mermaid diagram renderer. This allows an attacker to execute arbitrary JavaScript code within the...

CVSS 9.6 | AI score 5.7 | EPSS 0.00509
Exploits: 1 | References: 14

OSV
added 2025/12/01 12:0 a.m. | 4 views

PUB-A-445162487

In tracepointmsghandler of cpm/google/lib/tracepoint/tracepointipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.8 | EPSS 0.00084
Exploits: 0 | References: 1

OSV
added 2025/12/01 12:0 a.m. | 2 views

PUB-A-418867806

In aocservicereadmessage of aocipccore.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.6 | EPSS 0.00091
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/30 12:0 a.m. | 2 views

PT-2025-51676

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel’s ksmbd module contains a use-after-free issue within the ipc msg send request function. Specifically, the function waits for a generic netlink reply using an ipc msg...

CVSS 9.8 | AI score 7.3 | EPSS 0.00378
Exploits: 0

Tenable Nessus
added 2025/11/18 12:0 a.m. | 1 views

Mozilla Firefox ESR < 52.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-07 advisory. - Mozilla developers Jet Villegas and Randell Jesup reported memory safety bugs present in Firefox ESR 52.6...

CVSS 9.8 | AI score 8.4 | EPSS 0.08024
Exploits: 3 | References: 8

Tenable Nessus
added 2025/11/18 12:0 a.m. | 2 views

Mozilla Firefox < 59.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 59.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-06 advisory. - A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during edit...

CVSS 9.8 | AI score 8 | EPSS 0.08024
Exploits: 2 | References: 19

RedHat Linux
added 2025/11/12 2:35 a.m. | 2 views

thunderbird: firefox: Cross-process information leaked due to malicious IPC messages

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...

CVSS 9.8 | AI score 7.3 | EPSS 0.00385
Exploits: 0 | References: 6

RedHat Linux
added 2025/11/12 1:37 a.m. | 4 views

thunderbird: firefox: Cross-process information leaked due to malicious IPC messages

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...

CVSS 9.8 | AI score 7.3 | EPSS 0.00385
Exploits: 0 | References: 6

RedHat Linux
added 2025/11/10 2:0 a.m. | 2 views

thunderbird: firefox: Cross-process information leaked due to malicious IPC messages

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...

CVSS 9.8 | AI score 7.3 | EPSS 0.00385
Exploits: 0 | References: 6

RedhatCVE
added 2025/10/31 2:13 p.m. | 2 views

CVE-2025-12380

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2...

CVSS 9.8 | AI score 7.3 | EPSS 0.00281
Exploits: 0 | References: 1

OSV
added 2025/10/31 2:13 p.m. | 3 views

OESA-2025-2596 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Use-after-free vulnerability in MediaTrackGraphImpl::GetInstance. This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird...

CVSS 9.8 | AI score 6.8 | EPSS 0.00465
Exploits: 0 | References: 9

NCSC
added 2025/10/31 9:31 a.m. | 4 views

Vulnerability fixed in Mozilla Firefox

Mozilla has fixed a vulnerability in Firefox, specifically for versions before 144.0.2. The vulnerability is in how a compromised child process can exploit a use-after-free issue in the GPU or browser process via WebGPU-related IPC calls. This can lead to a sandbox escape, which compromises the browser...

CVSS 9.8 | AI score 7.7 | EPSS 0.00281
Exploits: 0 | References: 1

SUSE CVE
added 2025/10/30 12:30 a.m. | 1 views

SUSE CVE-2025-12380

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2...

CVSS 8.8 | AI score 7.3 | EPSS 0.00281
Exploits: 0 | References: 3

SUSE CVE
added 2025/10/30 12:24 a.m. | 1 views

SUSE CVE-2025-40084

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle. handle_response dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message fr...

CVSS 6.1 | AI score 6.4 | EPSS 0.00166
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-12380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC...

CVSS 9.8 | AI score 7.3 | EPSS 0.00281
Exploits: 0 | References: 2

EUVD
added 2025/10/29 3:31 p.m. | 2 views

EUVD-2025-36664

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle. handle_response dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message fr...

AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 5

NVD
added 2025/10/29 2:15 p.m. | 3 views

CVE-2025-40084

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle. handle_response dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message fr...

EPSS 0.00166
Exploits: 0 | References: 5

OSV
added 2025/10/29 2:15 p.m. | 0 views

UBUNTU-CVE-2025-40084

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle. handle_response dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message fr...

AI score 5.7 | EPSS 0.00166
Exploits: 0 | References: 22

Cvelist
added 2025/10/29 1:37 p.m. | 6 views

CVE-2025-40084 ksmbd: transport_ipc: validate payload size before reading handle

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle. handle_response dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message fr...

EPSS 0.00166
Exploits: 0 | References: 5