CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30731
https://notcve.org/view.php?id=CVE-2025-30731
15 Apr 2025 — Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Supported versions that are affected are 12.2.3-12.2.14. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Applications Technology Stack executes to compromise Oracle Applications Technology Stack. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can r... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30718
https://notcve.org/view.php?id=CVE-2025-30718
15 Apr 2025 — Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access... • https://www.oracle.com/security-alerts/cpuapr2025.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30716
https://notcve.org/view.php?id=CVE-2025-30716
15 Apr 2025 — Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data. CVSS 3.1 Base Score 7.5 (Confi... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30711
https://notcve.org/view.php?id=CVE-2025-30711
15 Apr 2025 — Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional ... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2025-24201 – Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-24201
11 Mar 2025 — An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions o... • https://support.apple.com/en-us/122281 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1938 – firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
https://notcve.org/view.php?id=CVE-2025-1938
04 Mar 2025 — Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with eno... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1937 – firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
https://notcve.org/view.php?id=CVE-2025-1937
04 Mar 2025 — Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs sh... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges •
CVSS: 5.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1935 – firefox: Clickjacking the registerProtocolHandler info-bar Reporter
https://notcve.org/view.php?id=CVE-2025-1935
04 Mar 2025 — A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1866661 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1934 – firefox: Unexpected GC during RegExp bailout processing
https://notcve.org/view.php?id=CVE-2025-1934
04 Mar 2025 — It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbir... • https://bugzilla.mozilla.org/show_bug.cgi?id=1942881 • CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 9.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1933 – firefox: JIT corruption of WASM i32 return values on 64-bit CPUs
https://notcve.org/view.php?id=CVE-2025-1933
04 Mar 2025 — On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. • https://bugzilla.mozilla.org/show_bug.cgi?id=1946004 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •