CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0CVE-2025-3909 – thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
https://notcve.org/view.php?id=CVE-2025-3909
14 May 2025 — Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling Ja... • https://bugzilla.mozilla.org/show_bug.cgi?id=1958376 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-3875 – thunderbird: Sender Spoofing via Malformed From Header in Thunderbird
https://notcve.org/view.php?id=CVE-2025-3875
14 May 2025 — Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird parses addresses in a way that can allow sender spoofing in case the server all... • https://bugzilla.mozilla.org/show_bug.cgi?id=1950629 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-3931 – Yggdrasil: local privilege escalation in yggdrasil
https://notcve.org/view.php?id=CVE-2025-3931
14 May 2025 — A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with ac... • https://access.redhat.com/errata/RHSA-2025:7592 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-4432 – Ring: some aes functions may panic when overflow checking is enabled in ring
https://notcve.org/view.php?id=CVE-2025-4432
09 May 2025 — A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received. • https://access.redhat.com/security/cve/CVE-2025-4432 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-4382 – Grub2: grub allow access to encrypted device through cli once root device is unlocked via tpm
https://notcve.org/view.php?id=CVE-2025-4382
09 May 2025 — A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may al... • https://access.redhat.com/security/cve/CVE-2025-4382 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3528 – Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry
https://notcve.org/view.php?id=CVE-2025-3528
09 May 2025 — A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. • https://access.redhat.com/security/cve/CVE-2025-3528 • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-31177 – Gnuplot: gnuplot heap-buffer overflow on utf8_copy_one
https://notcve.org/view.php?id=CVE-2025-31177
07 May 2025 — gnuplot is affected by a heap buffer overflow at function utf8_copy_one. This update for gnuplot fixes the following issues. Invalid read leads to segmentation fault on plot3d_points. Improper bounds check leads to heap-buffer overflow on utf8_copy_one. Unvalidated user input leads to segmentation fault on GetAnnotateString. • https://access.redhat.com/security/cve/CVE-2025-31177 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-12225 – Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass
https://notcve.org/view.php?id=CVE-2024-12225
06 May 2025 — A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an ex... • https://access.redhat.com/security/cve/CVE-2024-12225 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4374 – Quay: incorrect privilege assignment
https://notcve.org/view.php?id=CVE-2025-4374
06 May 2025 — A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository. • https://access.redhat.com/security/cve/CVE-2025-4374 • CWE-266: Incorrect Privilege Assignment •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4373 – Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar
https://notcve.org/view.php?id=CVE-2025-4373
06 May 2025 — A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. It was discovered that Glib incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2025-4373 • CWE-124: Buffer Underwrite ('Buffer Underflow') •