CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2025-6430
https://notcve.org/view.php?id=CVE-2025-6430
24 Jun 2025 — When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1971140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2025-6429
https://notcve.org/view.php?id=CVE-2025-6429
24 Jun 2025 — Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1970658 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2025-6426
https://notcve.org/view.php?id=CVE-2025-6426
24 Jun 2025 — The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1964385 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.4EPSS: 0%CPEs: 15EXPL: 0CVE-2025-6425
https://notcve.org/view.php?id=CVE-2025-6425
24 Jun 2025 — An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1717672 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2025-6424
https://notcve.org/view.php?id=CVE-2025-6424
24 Jun 2025 — A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1966423 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4563 – Nodes can bypass dynamic resource allocation authorization checks
https://notcve.org/view.php?id=CVE-2025-4563
23 Jun 2025 — A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation. • https://github.com/kubernetes/kubernetes/issues/132151 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-6020 – Linux-pam: linux-pam directory traversal
https://notcve.org/view.php?id=CVE-2025-6020
17 Jun 2025 — A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Olivier BAL-PETRE discovered that the PAM pam_namespace module incorrectly handled user-controlled paths. In environments where pam_namespace is used, a local attacker could possibly use this issue to escalate their privileges to root. • https://access.redhat.com/security/cve/CVE-2025-6020 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5986
https://notcve.org/view.php?id=CVE-2025-5986
11 Jun 2025 — A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email i... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0620 – Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session
https://notcve.org/view.php?id=CVE-2025-0620
06 Jun 2025 — A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again. It was discovered that Samba incorrectly handled certain group membership changes when using Kerberos authentication. A remote user could possibly use this issue to continue to access resources after being removed by an administrator. • https://access.redhat.com/security/cve/CVE-2025-0620 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49466
https://notcve.org/view.php?id=CVE-2025-49466
05 Jun 2025 — aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part, aerc anterior a 93bec0d permite el directory traversal en commands/msgview/open.go debido a la concatenación de ruta directa del nombre de una parte adjunta. • https://git.sr.ht/~rjarry/aerc/commit/2bbe75fe0bc87ab4c1e16c5a18c6200224391629 • CWE-23: Relative Path Traversal •