CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2025-6430
https://notcve.org/view.php?id=CVE-2025-6430
24 Jun 2025 — When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1971140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2025-6429
https://notcve.org/view.php?id=CVE-2025-6429
24 Jun 2025 — Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1970658 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.4EPSS: 0%CPEs: 15EXPL: 0CVE-2025-6425
https://notcve.org/view.php?id=CVE-2025-6425
24 Jun 2025 — An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1717672 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2025-6424
https://notcve.org/view.php?id=CVE-2025-6424
24 Jun 2025 — A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1966423 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 3CVE-2025-6019 – Libblockdev: lpe from allow_active to root in libblockdev via udisks
https://notcve.org/view.php?id=CVE-2025-6019
19 Jun 2025 — A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a l... • https://github.com/guinea-offensive-security/CVE-2025-6019 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-6020 – Linux-pam: linux-pam directory traversal
https://notcve.org/view.php?id=CVE-2025-6020
17 Jun 2025 — A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Olivier BAL-PETRE discovered that the PAM pam_namespace module incorrectly handled user-controlled paths. In environments where pam_namespace is used, a local attacker could possibly use this issue to escalate their privileges to root. • https://access.redhat.com/security/cve/CVE-2025-6020 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2025-27587
https://notcve.org/view.php?id=CVE-2025-27587
16 Jun 2025 — OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extracti... • https://github.com/openssl/openssl/issues/24253 • CWE-385: Covert Timing Channel •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-5914 – Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
https://notcve.org/view.php?id=CVE-2025-5914
09 Jun 2025 — A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. Se ha identificado una vulnerabilidad en la librería libarchive, específicamente en la función archive_read_format_rar_seek_data... • https://access.redhat.com/security/cve/CVE-2025-5914 • CWE-415: Double Free •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2025-4598 – Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
https://notcve.org/view.php?id=CVE-2025-4598
30 May 2025 — A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access... • https://access.redhat.com/security/cve/CVE-2025-4598 • CWE-364: Signal Handler Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-44906
https://notcve.org/view.php?id=CVE-2025-44906
30 May 2025 — jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c. • https://github.com/madao123123/crash_report/blob/main/jhead/jhead.md • CWE-416: Use After Free •