CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в firefox, thunderbird

An iframe from a cross-origin origin that references an XSLT document would inherit the permissions of the parent domain such as access to microphones or cameras. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...

8.8CVSS7.3AI score0.00251EPSS

Exploits0References2

OSV•added 2025/12/09 1:50 p.m.•1 views

CLSA-2025-1765288229 libxslt: Fix of CVE-2025-7424

CVE-2025-7424: fix type confusion in xsltDocumentFunctionLoadDocument...

7.5CVSS7.1AI score0.00374EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-22365

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00323EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-41056

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00251EPSS

Exploits0References6

Tenable Nessus•added 2025/07/28 12:0 a.m.•2 views

FreeBSD : Mozilla -- XSLT document CSP bypass (4a357f4b-685e-11f0-a12d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a357f4b-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: XSLT document loading did not correctly propagate the source document whi...

8.1CVSS8.2AI score0.00323EPSS

Exploits0References3

OSV•added 2025/07/22 9:15 p.m.•3 views

CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

8.1CVSS5.2AI score

Exploits0References8

Debian CVE•added 2025/07/22 8:49 p.m.•3 views

CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

8.1CVSS7.7AI score0.00323EPSS

Exploits0

Vulnrichment•added 2025/07/22 8:49 p.m.•2 views

CVE-2025-8032 XSLT documents could bypass CSP

7.2AI score0.00323EPSS

Exploits0References7

Cvelist•added 2025/07/22 8:49 p.m.•5 views

CVE-2025-8032 XSLT documents could bypass CSP

0.00323EPSS

Exploits0References7

FreeBSD•added 2025/07/22 12:0 a.m.•4 views

Mozilla -- XSLT document CSP bypass

[email protected] reports: XSLT document loading did not correctly propagate the source document which bypassed its CSP...

8.1CVSS6.7AI score0.00323EPSS

Exploits0References1

OSV•added 2022/12/22 8:15 p.m.•1 views

DEBIAN-CVE-2022-38473

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions such as microphone or camera access. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...

8.8CVSS8.1AI score0.00251EPSS

Exploits0References1

NVD•added 2022/12/22 8:15 p.m.•17 views

CVE-2022-38473

8.8CVSS0.00251EPSS

Exploits0References6

OSV•added 2022/12/22 8:15 p.m.•3 views

CVE-2022-38473

8.8CVSS8.2AI score

Exploits0References6

Prion•added 2022/12/22 8:15 p.m.•24 views

Cross site scripting

6.8CVSS8.1AI score0.00251EPSS

Exploits0References6Affected Software3

Vulnrichment•added 2022/12/22 12:0 a.m.•2 views

CVE-2022-38473

6.4AI score0.00251EPSS

Exploits0References6

Cvelist•added 2022/12/22 12:0 a.m.•16 views

CVE-2022-38473

8.5AI score0.00251EPSS

Exploits0References6

CVE•added 2022/12/22 12:0 a.m.•153 views

CVE-2022-38473

Concrete details for CVE-2022-38473: A cross-origin iframe referencing an XSLT document could inherit the parent domain’s permissions (e.g., microphone or camera) in Thunderbird and Firefox products. Affected: Thunderbird versions earlier than 102.2 and 91.13, Firefox ESR earlier than 91.13 and 1...

8.8CVSS8.3AI score0.00251EPSS

Exploits0References6Affected Software3

Veracode•added 2022/09/04 11:42 a.m.•19 views

Arbitrary Code Execution

firefox-esr is vulnerable to arbitrary code execution. The vulnerability is possible because the cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions which allows an attacker to inject and execute arbitrary commands...

8.8CVSS9.1AI score0.00251EPSS

Exploits0References8Affected Software5

RedHat Linux•added 2022/08/24 7:12 p.m.•3 views

Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions such as microphone or camera access...

8.8CVSS7.2AI score0.00251EPSS

Exploits0References5

RedHat Linux•added 2022/08/24 6:48 p.m.•2 views

Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions

8.8CVSS7.2AI score0.00251EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by