Export limit exceeded: 364285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1263 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-4918 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2026-04-20 9.8 Critical
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.
CVE-2025-4919 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2026-04-20 8.8 High
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.
CVE-2025-5266 2 Mozilla, Redhat 7 Firefox, Enterprise Linux, Rhel Aus and 4 more 2026-04-20 4.3 Medium
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
CVE-2025-5267 2 Mozilla, Redhat 7 Firefox, Enterprise Linux, Rhel Aus and 4 more 2026-04-20 5.4 Medium
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
CVE-2025-5268 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2026-04-20 8.1 High
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
CVE-2025-5269 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2026-04-20 8.1 High
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.11 and Thunderbird 128.11.
CVE-2025-5986 2 Mozilla, Redhat 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more 2026-04-20 6.5 Medium
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability was fixed in Thunderbird 128.11.1 and Thunderbird 139.0.2.
CVE-2025-6430 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Enterprise Linux and 5 more 2026-04-20 6.1 Medium
When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.
CVE-2025-62230 1 Redhat 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2026-04-20 7.3 High
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
CVE-2025-62229 1 Redhat 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2026-04-20 7.3 High
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
CVE-2025-62231 1 Redhat 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2026-04-20 7.3 High
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
CVE-2026-1761 1 Redhat 9 Enterprise Linux, Enterprise Linux Eus, Openshift Devspaces and 6 more 2026-04-16 8.6 High
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
CVE-2019-5482 7 Debian, Fedoraproject, Haxx and 4 more 24 Debian Linux, Fedora, Curl and 21 more 2026-04-15 9.8 Critical
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2018-1000301 5 Canonical, Debian, Haxx and 2 more 15 Ubuntu Linux, Debian Linux, Curl and 12 more 2026-04-15 9.1 Critical
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
CVE-2024-30156 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-04-15 7.5 High
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
CVE-2025-7493 1 Redhat 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2026-04-15 9.1 Critical
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
CVE-2025-1094 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-04-15 8.1 High
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
CVE-2024-47850 2 Cups, Redhat 7 Cups, Enterprise Linux, Rhel Aus and 4 more 2026-04-15 7.5 High
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
CVE-2024-45770 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-04-15 4.4 Medium
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
CVE-2024-4032 2 Python, Redhat 6 Cpython, Enterprise Linux, Rhel Aus and 3 more 2026-04-15 7.5 High
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.