CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6799 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в firefox, thunderbird

Offscreen Canvas did not properly prevent cross-origin tampering, which could allow access to image data from another site in violation of the same-origin policy. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

6.1CVSS6.8AI score0.01765EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в firefox

When a user opened the Web Extensions context menu, the Web Extension could access the post-redirect URL of the clicked element. If the Web Extension did not have the necessary WebRequest permissions for the hosts involved in the redirection, this would constitute a same-origin violation, allowin...

4.3CVSS5.8AI score0.00085EPSS

Exploits0References2

RedHat Linux•added 2026/05/20 5:30 a.m.•9 views

webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...

5.4CVSS6AI score0.00031EPSS

Exploits2References5

RedHat Linux•added 2026/05/20 5:30 a.m.•10 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS6.7AI score0.01376EPSS

Exploits2References19

SUSE CVE•added 2026/05/20 2:32 a.m.•8 views

SUSE CVE-2026-8948

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00039EPSS

Exploits0References3

SUSE CVE•added 2026/05/20 2:32 a.m.•10 views

SUSE CVE-2026-8950

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.5CVSS5.8AI score0.00018EPSS

Exploits0References10

SUSE CVE•added 2026/05/20 2:31 a.m.•8 views

SUSE CVE-2026-8971

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00019EPSS

Exploits0References3

Tenable Nessus•added 2026/05/20 12:0 a.m.•8 views

RHEL 9 : webkit2gtk3 (RHSA-2026:19535)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19535 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

7.5CVSS6.8AI score0.01376EPSS

Exploits2References38

Positive Technologies•added 2026/05/20 12:0 a.m.•5 views

PT-2026-42208

Summary The SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient to let any third-party page the developer visits open a...

4.3CVSS5.9AI score0.00031EPSS

Exploits0References5

Tenable Nessus•added 2026/05/20 12:0 a.m.•9 views

Debian dsa-6283 : firefox-esr - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6283 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6283-1 [email protected]...

9.8CVSS6AI score0.00109EPSS

Exploits0References39

Vulnrichment•added 2026/05/19 6:14 p.m.•9 views

CVE-2026-33741 EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS5.8AI score0.00041EPSS

Exploits0References1

EUVD•added 2026/05/19 6:14 p.m.•10 views

EUVD-2026-30967

6.8CVSS5.8AI score0.00041EPSS

Exploits0References1

CVE•added 2026/05/19 6:14 p.m.•8 views

CVE-2026-33741

EspoCRM prior to version 9.3.4 is affected by a Stored XSS via SVG attachments loading same-origin JavaScript. Versions 9.3.3 and earlier allow authenticated users to upload SVG attachments (through normal attachment fields) and later serve those SVGs as top-level inline documents via attachment ...

6.8CVSS5.8AI score0.00041EPSS

Exploits0References1

RedHat Linux•added 2026/05/19 6:13 p.m.•9 views

webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

5.4CVSS6AI score0.00031EPSS

Exploits2References5

NVD•added 2026/05/19 2:16 p.m.•8 views

CVE-2026-8971

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS0.00019EPSS

Exploits0References3

NVD•added 2026/05/19 2:16 p.m.•6 views

CVE-2026-8948

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

9.1CVSS0.00039EPSS

Exploits0References3

NVD•added 2026/05/19 2:16 p.m.•6 views

CVE-2026-8950

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

9.3CVSS0.00018EPSS

Exploits0References5