Total
31711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22748 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 6.5 MEDIUM |
| Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2022-22745 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 6.5 MEDIUM |
| Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2024-45944 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL |
| In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. | |||||
| CVE-2023-44038 | 1 Veridiumid | 1 Veridiumad | 2025-04-16 | N/A | 6.5 MEDIUM |
| In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack. | |||||
| CVE-2024-20758 | 1 Adobe | 2 Commerce, Magento | 2025-04-16 | N/A | 9.0 CRITICAL |
| Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high. | |||||
| CVE-2025-24429 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 3.5 LOW |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. | |||||
| CVE-2022-31740 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 8.8 HIGH |
| On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | |||||
| CVE-2022-31739 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-16 | N/A | 8.8 HIGH |
| When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | |||||
| CVE-2022-28287 | 1 Mozilla | 1 Firefox | 2025-04-16 | N/A | 6.5 MEDIUM |
| In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. | |||||
| CVE-2022-28284 | 1 Mozilla | 1 Firefox | 2025-04-16 | N/A | 8.8 HIGH |
| SVG's <code><use></code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox < 99. | |||||
| CVE-2022-26386 | 3 Apple, Linux, Mozilla | 4 Macos, Linux Kernel, Firefox Esr and 1 more | 2025-04-15 | N/A | 6.5 MEDIUM |
| Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. | |||||
| CVE-2023-48319 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-15 | N/A | 6.8 MEDIUM |
| Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation.This issue affects Salon booking system: from n/a through 8.6. | |||||
| CVE-2024-35166 | 1 Ninjateam | 1 Filebird | 2025-04-15 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird.This issue affects Filebird: from n/a through 5.6.3. | |||||
| CVE-2022-34472 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 4.3 MEDIUM |
| If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||
| CVE-2022-29914 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.5 MEDIUM |
| When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
| CVE-2022-29913 | 1 Mozilla | 1 Thunderbird | 2025-04-15 | N/A | 6.5 MEDIUM |
| The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9. | |||||
| CVE-2022-25893 | 1 Vm2 Project | 1 Vm2 | 2025-04-15 | N/A | 9.8 CRITICAL |
| The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise. | |||||
| CVE-2023-36505 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-15 | N/A | 6.8 MEDIUM |
| Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24. | |||||
| CVE-2022-36315 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 4.3 MEDIUM |
| When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103. | |||||
| CVE-2022-34479 | 2 Linux, Mozilla | 4 Linux Kernel, Firefox, Firefox Esr and 1 more | 2025-04-15 | N/A | 6.5 MEDIUM |
| A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||