
CVSS: 9.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

27 Jan 2026 — Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=2008698 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

27 Jan 2026 — Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.0.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=2007302 • CWE-693: Protection Mechanism Failure

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jan 2026 — By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic allows that user to escape the jail's chroot, yielding access to the full filesystem of the host or parent jail. In a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escap... • https://security.freebsd.org/advisories/FreeBSD-SA-26:02.jail.asc • CWE-269: Improper Privilege Management

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Dec 2025 — A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account. • https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-1166 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Dec 2025 — Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. • https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-783 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Dec 2025 — Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-783 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Dec 2025 — A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views. • https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-1809 • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Dec 2025 — Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service. • https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630 • CWE-404: Improper Resource Shutdown or Release

CVSS: 4.0 • EPSS: 0% • CPEs: 17 • EXPL: 0

20 Nov 2025 — A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation... • https://access.redhat.com/security/cve/CVE-2025-9820 • CWE-121: Stack-based Buffer Overflow

CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Nov 2025 — Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected. Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command did not correctly check for schema CREATE privileges. An authenti... • https://www.postgresql.org/support/security/CVE-2025-12818 • CWE-190: Integer Overflow or Wraparound