CVSS: 3.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-14082 – Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure
https://notcve.org/view.php?id=CVE-2025-14082
10 Dec 2025 — A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint. • https://access.redhat.com/security/cve/CVE-2025-14082 • CWE-284: Improper Access Control
CVSS: 8.1 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14333 – Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146
https://notcve.org/view.php?id=CVE-2025-14333
09 Dec 2025 — Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS: 6.5 • EPSS: 0% • CPEs: 10 • EXPL: 0 • CVE-2025-14331 – Same-origin policy bypass in the Request Handling component
https://notcve.org/view.php?id=CVE-2025-14331
09 Dec 2025 — Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=2000218 • CWE-346: Origin Validation Error
CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14330 – JIT miscompilation in the JavaScript Engine: JIT component
https://notcve.org/view.php?id=CVE-2025-14330
09 Dec 2025 — JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1997503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-686: Function Call With Incorrect Argument Type • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14329 – Privilege escalation in the Netmonitor component
https://notcve.org/view.php?id=CVE-2025-14329
09 Dec 2025 — Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1997018
CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14328 – Privilege escalation in the Netmonitor component
https://notcve.org/view.php?id=CVE-2025-14328
09 Dec 2025 — Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1996761
CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14325 – JIT miscompilation in the JavaScript Engine: JIT component
https://notcve.org/view.php?id=CVE-2025-14325
09 Dec 2025 — JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1998050 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVSS: 10.0 • EPSS: 0% • CPEs: 10 • EXPL: 0 • CVE-2025-14324 – JIT miscompilation in the JavaScript Engine: JIT component
https://notcve.org/view.php?id=CVE-2025-14324
09 Dec 2025 — JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1996840 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14323 – Privilege escalation in the DOM: Notifications component
https://notcve.org/view.php?id=CVE-2025-14323
09 Dec 2025 — Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypa... • https://bugzilla.mozilla.org/show_bug.cgi?id=1996555
CVSS: 8.0 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14322 – Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
https://notcve.org/view.php?id=CVE-2025-14322
09 Dec 2025 — Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1996473 • CWE-754: Improper Check for Unusual or Exceptional Conditions
