CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

55 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в firefox, thunderbird

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized, resulting in a bypass that allowed device permissions to be leaked into untrusted sub-documents. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.5CVSS7AI score0.00134EPSS

Exploits0References2

CVE•added 2026/01/22 2:26 a.m.•16 views

CVE-2026-24002

CVE-2026-24002 – Grist sandbox escape vulnerability affects Grist Core (Grist open-source self-hosted spreadsheet/database). The issue arises when running formulas in the Pyodide sandbox on Node.js, where the sandbox barrier is insufficient, allowing an untrusted spreadsheet to escape to host exe...

9.6CVSS5.7AI score0.00032EPSS

Exploits0References2Affected Software1

OSV•added 2025/10/17 5:40 p.m.•1 views

JLSEC-2025-87 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElem...

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...

7.8CVSS7.4AI score0.00235EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2011-5258

Malware in sbrugna...

8.4CVSS6.4AI score0.03664EPSS

Exploits0References6

NVD•added 2025/08/20 4:15 p.m.•4 views

CVE-2011-10030

Foxit PDF Reader 4.3.1.0218 exposes a JavaScript API function, createDataObject, that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code...

8.4CVSS0.03664EPSS

Exploits0References6

AlpineLinux•added 2025/04/20 3:15 a.m.•2 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8CVSS9.6AI score0.00087EPSS

Exploits1References5

OSV•added 2025/04/20 3:15 a.m.•1 views

DEBIAN-CVE-2025-43929

7.8CVSS4.9AI score0.00087EPSS

Exploits1References1

OSV•added 2025/04/20 3:15 a.m.•0 views

UBUNTU-CVE-2025-43929

7.8CVSS5.8AI score0.00087EPSS

Exploits1References6

CVE•added 2025/04/20 12:0 a.m.•104 views

CVE-2025-43929

CVE-2025-43929 affects kitty before 0.41.0. The issue arises because open_actions.py does not prompt for user confirmation before executing a local file that could be linked from an untrusted document (e.g., KDE Ghostwriter exports). Affects Kitty component (kitty) with local attack surface; expl...

7.8CVSS7.1AI score0.00087EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2025/04/20 12:0 a.m.•9 views

CVE-2025-43929

4.1CVSS4.5AI score0.00087EPSS

Exploits1References5