CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в firefox

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

9.1CVSS5.8AI score0.00317EPSS

Exploits0References2

Tenable Nessus•added 2025/08/07 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-6427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections...

9.1CVSS7.4AI score0.00317EPSS

Exploits0References2

SUSE CVE•added 2025/06/24 11:24 p.m.•1 views

SUSE CVE-2025-6427

6.3CVSS7.3AI score0.00317EPSS

Exploits0References6

OSV•added 2025/06/24 1:15 p.m.•2 views

CVE-2025-6427

9.1CVSS5.8AI score

Exploits0References3

AlpineLinux•added 2025/06/24 1:15 p.m.•2 views

CVE-2025-6427

9.1CVSS6.5AI score0.00317EPSS

Exploits0References3

OSV•added 2025/06/24 1:15 p.m.•0 views

UBUNTU-CVE-2025-6427

9.1CVSS7.3AI score0.00317EPSS

Exploits0References6

ATTACKERKB•added 2025/06/24 12:28 p.m.•3 views

CVE-2025-6427

9.1CVSS5.8AI score0.00317EPSS

Exploits0References4

Positive Technologies•added 2025/06/24 12:0 a.m.•1 views

PT-2025-26724

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments, which would have also hidden the connections from the Network tab in Devtools...

9.8CVSS7.9AI score0.19171EPSS

Exploits2References161

SUSE CVE•added 2023/02/15 4:54 a.m.•0 views

SUSE CVE-2016-9905

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR 45.6 and Thunderbird 45.6...

8.8CVSS8.9AI score0.01174EPSS

Exploits1References20

SUSE CVE•added 2023/02/15 3:23 a.m.•2 views

SUSE CVE-2022-40959

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.5CVSS8.5AI score0.00134EPSS

Exploits0References8

NVD•added 2022/12/22 8:15 p.m.•10 views

CVE-2022-40959

6.5CVSS0.00134EPSS

Exploits0References4

OSV•added 2022/12/22 8:15 p.m.•2 views

DEBIAN-CVE-2022-40959

6.5CVSS7AI score0.00134EPSS

Exploits0References1

RedHat Linux•added 2022/09/26 4:34 p.m.•2 views

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

6.5CVSS7.3AI score0.00134EPSS

Exploits0References5

RedHat Linux•added 2022/09/26 3:37 p.m.•0 views

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

6.5CVSS7.3AI score0.00134EPSS

Exploits0References5

RedHat Linux•added 2022/09/26 3:20 p.m.•1 views

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

6.5CVSS7.3AI score0.00134EPSS

Exploits0References5

RedHat Linux•added 2022/09/26 3:15 p.m.•1 views

Mozilla: Bypassing FeaturePolicy restrictions on transient pages