CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2025-8035 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-8035
22 Jul 2025 — Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was found in Firefox and Thunderbird. The Mozil... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2025-8034 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-8034
22 Jul 2025 — Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was f... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.4EPSS: 0%CPEs: 33EXPL: 0CVE-2025-8029 – firefox: thunderbird: javascript: URLs executed on object and embed tags
https://notcve.org/view.php?id=CVE-2025-8029
22 Jul 2025 — Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was found in Firefox and Thunderbird. • https://bugzilla.mozilla.org/show_bug.cgi?id=1928021 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30761 – openjdk: Improve scripting supports (Oracle CPU 2025-07)
https://notcve.org/view.php?id=CVE-2025-30761
15 Jul 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deleti... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53032
https://notcve.org/view.php?id=CVE-2025-53032
15 Jul 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53030
https://notcve.org/view.php?id=CVE-2025-53030
15 Jul 2025 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53029
https://notcve.org/view.php?id=CVE-2025-53029
15 Jul 2025 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-53023
https://notcve.org/view.php?id=CVE-2025-53023
15 Jul 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-50107
https://notcve.org/view.php?id=CVE-2025-50107
15 Jul 2025 — Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Request handling). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products (sco... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-50106 – openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)
https://notcve.org/view.php?id=CVE-2025-50106
15 Jul 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Orac... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-122: Heap-based Buffer Overflow •