Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when 'ALLOW_BUILTIN_DEP' is enabled) lets a logged-in user break out of the nodevm sandbox by abusing the bundled Puppeteer and Playwright modules. Because a custom tool can specify an attacker-controlled browser binary path and launch parameters, executing that tool runs an arbitrary executable on the host outside the intended sandbox, yielding code execution in the host context. Publicly available exploit code exists; the flaw is not listed in CISA KEV, and it was mis-filed by the vendor as a duplicate of CVE-2025-26319 but is distinct.
Remote code execution in Mozilla Firefox 143 and Thunderbird 143 allows unauthenticated network attackers to execute arbitrary code via memory corruption. The vulnerability stems from a memory safety bug (CWE-119 buffer overflow) exploitable without user interaction. CVSS score of 9.8 reflects critical severity with network-based attack vector, low complexity, and no privileges required. Vendor-released patches are available in Firefox 144 and Thunderbird 144. No public exploit identified at time of analysis, though Mozilla's assessment indicates the memory corruption is presumed exploitable with sufficient effort.
Use-after-free memory corruption in Mozilla Thunderbird 143+ and Firefox allows remote code execution via malicious web extensions exploiting the native messaging API on Windows. CVSS 9.8 (critical) with network-based attack vector requiring no user interaction or authentication. Patched in Firefox 144 and Thunderbird 144. No public exploit identified at time of analysis, but CVSS metrics indicate high exploitability (AV:N/AC:L/PR:N/UI:N) with complete impact to confidentiality, integrity, and availability.
Information disclosure in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to extract privileged browser process memory via malicious IPC messages from a compromised web content process. Affects Firefox <144, Firefox ESR <115.29 and <140.4, and Thunderbird <144 and <140.4. CVSS 9.8 indicates network-exploitable with no auth required, though actual exploitation requires first compromising a web content process. Vendor-released patches available (Firefox 144, Firefox ESR 115.29/140.4, Thunderbird 144/140.4). No public exploit identified at time of analysis; EPSS data not provided.
Out-of-bounds memory corruption in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to achieve code execution via malicious WebGL texture operations. A compromised web content process can exploit manipulated WebGL textures to trigger out-of-bounds reads and writes in privileged browser processes, potentially leading to full system compromise. Affects Firefox <144, Firefox ESR <115.29 and <140.4, and Thunderbird <144 and <140.4. Vendor-released patches available across all affected product lines. CVSS 9.8 reflects network-accessible, no-authentication-required attack with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the specific Bugzilla reference (1989127) indicates detailed technical analysis exists.
Remote code execution in Mozilla Firefox (all versions prior to 144, ESR prior to 140.4) and Thunderbird (all versions prior to 144, ESR prior to 140.4) allows unauthenticated remote attackers to execute arbitrary code, disclose sensitive information, or cause denial of service through a use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). With a critical CVSS score of 9.8 and no authentication required, this memory corruption flaw represents a severe security risk. No public exploit identified at time of analysis, though EPSS data not available to assess exploitation probability.
Blind SQL injection in SFS Consulting's Winsure platform (all versions through the 21.08.2025 release) allows remote unauthenticated attackers to manipulate backend database queries via crafted input. The flaw carries a CVSS 9.8 rating reflecting network-reachable, low-complexity exploitation with no privileges or user interaction required, and no public exploit identified at time of analysis. The advisory was issued by Turkey's national CERT (USOM), suggesting regional relevance to Turkish insurance-sector deployments.
A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Firefox for Android leaks password-related screen content through the Android task switcher card carousel, exposing sensitive information to local attackers with physical or remote access to the device. Affects Firefox for Android versions prior to 144. No public exploit identified at time of analysis, but exploitation is trivial requiring only device access and standard OS features. CVSS 9.1 reflects the unauthenticated network attack vector, though real-world exploitation typically requires local device access, making the practical risk moderate for most threat models.
Privilege escalation in Microsoft Exchange Server (including 2016 cumulative updates and Subscription Edition) allows an authenticated network attacker to elevate privileges due to weak authentication mechanisms (CWE-1390). With a CVSS score of 8.8 and full confidentiality, integrity, and availability impact, this represents a significant risk to mail infrastructure, though no public exploit identified at time of analysis.
Memory corruption in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird ESR 140.3 enables remote arbitrary code execution when users interact with malicious content. Exploitation requires user interaction (opening crafted web content or email), but no authentication is needed. Mozilla issued patches in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird ESR 140.4. With CVSS 8.8 and EPSS data unavailable, the vulnerability represents critical risk to unpatched installations. No public exploit identified at time of analysis, though Mozilla's acknowledgment of memory corruption evidence suggests exploitation is technically feasible.
Memory corruption vulnerabilities in Mozilla Firefox and Thunderbird allow remote code execution when users interact with malicious web content. Affects Firefox ESR 115.28 and below, Firefox ESR 140.3 and below, Firefox 143 and below, Thunderbird 143 and below, and Thunderbird ESR 140.3 and below. Mozilla confirmed memory safety bugs with evidence of memory corruption presumed exploitable for arbitrary code execution. Vendor-released patches available: Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVSS 8.8 severity driven by network attack vector with low complexity requiring only user interaction, no authentication required. No public exploit identified at time of analysis, though multiple internal bug reports suggest coordinated fix effort.
Session hijacking against Rolantis Information Technologies Agentis prior to version 4.44 is possible because the application fails to regenerate session identifiers across authentication state changes, letting a remote attacker who can lure a victim into using an attacker-supplied session token take over the authenticated session. CVSS 8.8 reflects full confidentiality, integrity, and availability impact once hijacked, but no public exploit identified at time of analysis and the issue is not on the CISA KEV list.
DOM-based Cross-Site Scripting in Adobe Connect 12.9 and earlier enables session hijacking when high-privileged administrators interact with attacker-crafted pages. Scope change to 'C' indicates the attacker can pivot beyond the vulnerable component's security boundary, allowing privileged session takeover that impacts both confidentiality and integrity at high levels. No active exploitation confirmed per CISA KEV at time of analysis. Adobe has released security advisory APSB25-70 addressing this vulnerability.
User interface spoofing in Firefox and Firefox Focus for Android's custom tab implementation allows remote attackers to misrepresent subdomain origins, enabling phishing attacks through crafted URLs. The custom tab feature truncates displayed hostnames to show only the parent domain, allowing malicious content on attacker-controlled subdomains (e.g., evil.example.com) to appear as legitimate sibling subdomains (e.g., legitimate.example.com). With CVSS 8.1 (High Confidentiality/Integrity impact) and no authentication required, this represents significant phishing risk for Android Firefox users. Patched in Firefox 144; no public exploit identified at time of analysis, though the UI flaw is straightforward to exploit.
Command injection via Firefox/Thunderbird 'Copy as cURL' feature on Windows allows remote attackers to execute arbitrary commands when users copy network requests as cURL commands and paste them into terminals. Affects Firefox <144, Firefox ESR <140.4, Thunderbird <144, and Thunderbird <140.4 exclusively on Windows platforms. No public exploit identified at time of analysis, but attack vector requires only user interaction (CVSS PR:N/UI:R) with no privileges needed.
Local code execution in Microsoft Office (including 365 Apps Enterprise, Office 2016/2019, and Office LTSC 2021 across Windows, macOS, and Android) is possible when a victim opens a maliciously crafted document that triggers a use-after-free condition. An unauthorized attacker who convinces a user to open the file can execute arbitrary code in the context of the current user, with no public exploit identified at time of analysis. CVSS is 7.8 reflecting local attack vector with required user interaction but full confidentiality, integrity, and availability impact.
Local code execution in Microsoft Office (including Microsoft 365 Apps Enterprise, Office 2016/2019, and Office LTSC 2021 across Windows x86/x64, macOS, and Android) arises from a use-after-free memory corruption (CWE-416) that an attacker can trigger by convincing a user to open a crafted document. Exploitation runs in the context of the current user with high impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Local privilege escalation in Microsoft Exchange Server 2016 (and Subscription Edition) stems from an incorrect implementation of an authentication algorithm (CWE-303), allowing a low-privileged local user to gain high-impact control over confidentiality, integrity, and availability of the mail platform. The flaw was reported by Microsoft (MSRC) and carries a CVSS 3.1 base of 7.8 (AV:L/AC:L/PR:L/UI:N). At time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but exploitation by an authenticated insider on an Exchange host would yield full server compromise.
Spoofing in Microsoft Exchange Server (including 2016 cumulative updates and Subscription Edition) allows remote unauthenticated attackers to impersonate trusted entities over the network due to improper input validation. The flaw carries a CVSS 7.5 with integrity-only impact, and no public exploit identified at time of analysis. Defenders should treat it as a credible spoofing/authentication-bypass primitive that may be chained with downstream phishing or follow-on Exchange attacks.
Authenticated remote code execution in Fortinet FortiOS, FortiProxy, and FortiPAM enables low-privileged users to trigger a heap-based buffer overflow through crafted RDP bookmark connection requests. The flaw affects multiple major release trains across all three product families, including FortiOS 7.6.2 and earlier, 7.4.7 and earlier, 7.2.10 and earlier, and all 6.4/7.0 versions. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.
Man-in-the-middle interception is possible against the ZTNA proxy in FortiProxy 7.6.1 and earlier, 7.4.8 and earlier, and all 7.2/7.0 versions, as well as FortiOS 7.6.2 and earlier, 7.4.8 and earlier, and all 7.2/7.0 versions, due to improper certificate-host validation (CWE-297). An adjacent network attacker in a privileged path-position can intercept and tamper with ZTNA proxy connections, undermining a control specifically deployed to enforce zero-trust authentication. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.
Cross-Site Request Forgery in Wallos v4.1.1 lets remote attackers trick an authenticated user's browser into submitting a crafted GET request to the /endpoints/currency/currency component, performing unwanted currency operations without the victim's consent. The flaw stems from missing anti-CSRF token validation on state-changing requests. There is no public exploit identified at time of analysis, and the EPSS score is low (0.17%, 6th percentile), indicating little observed exploitation interest.
Firefox on Android allows remote attackers to display a fake address bar by exploiting the visibilitychange event when the legitimate address bar is hidden due to scrolling, enabling phishing attacks and user deception. The vulnerability affects Firefox versions prior to 144 and requires user interaction (clicking on the fake address bar). Mozilla released patched version Firefox 144 to address this issue, and there is no evidence of active exploitation at the time of analysis.
Sandboxed iframes in Firefox and Thunderbird can bypass Android permission restrictions to launch external applications without the required allow-permissions, enabling attackers to trigger unintended app launches through malicious links. Unauthenticated remote attackers can exploit this via user interaction (link click) to achieve integrity impact. Firefox 144 and Thunderbird 144 contain fixes; no public exploit code or active exploitation has been identified.
Modify read-only JavaScript Object properties in Firefox and Thunderbird via crafted web content, allowing attackers to bypass property immutability protections and alter application state. Affects Firefox versions below 144, Firefox ESR below 115.29 and 140.4, Thunderbird below 144 and 140.4. Requires user interaction (malicious website visit) but no authentication. CVSS 6.5 reflects high integrity impact with user-interaction requirement; no evidence of active exploitation or public exploit code at time of analysis.
Reflected cross-site scripting (XSS) in FortiOS, FortiProxy, and FortiSASE allows unauthenticated remote attackers to inject and execute malicious scripts in a victim's browser by tricking them into clicking a crafted HTTP request link. The vulnerability spans a wide range of FortiOS versions from 6.4 through 7.6.3 and all FortiProxy 7.x branches, meaning a large installed base of Fortinet network security appliances is affected. A Siemens CERT advisory (SSA-864900) indicates this vulnerability also affects Siemens products that embed Fortinet components, broadening organizational impact. No public exploit or CISA KEV listing has been identified at time of analysis.
Open redirect vulnerability in Fortinet FortiOS, FortiProxy, and FortiSASE enables unauthenticated attackers on an adjacent network segment to redirect authenticated users to attacker-controlled sites via crafted HTTP requests. The attack surface is substantially constrained by the adjacent-network-only vector (AV:A), high attack complexity (AC:H), and mandatory user interaction (UI:R), yielding a CVSS 2.6 Low severity score. No public exploit identified at time of analysis, and EPSS at 0.01% (1st percentile) confirms negligible observed exploitation pressure. A Siemens PSIRT advisory (SSA-864900) indicates this vulnerability also affects Siemens products embedding Fortinet components.
Firefox and Thunderbird allow cross-site scripting (XSS) attacks when a malicious page uses the type attribute of an OBJECT tag to override default browser behavior for resources served without a content-type header. An attacker can craft a malicious webpage that exploits this flaw to execute arbitrary JavaScript in the context of a vulnerable site that unsafely omits content-type headers, affecting Firefox versions before 144, Firefox ESR before 140.4, Thunderbird before 144, and Thunderbird ESR before 140.4. No public exploit code or active exploitation has been identified at time of analysis.
Adobe Commerce versions 2.4.9-alpha2 through 2.4.4-p15 are vulnerable to an incorrect authorization flaw that allows remote, unauthenticated attackers to bypass security controls and gain unauthorized read access to sensitive data. The vulnerability requires specific conditions beyond the attacker's control and does not require user interaction, but carries a moderate CVSS score of 5.9 reflecting high confidentiality impact and high attack complexity.
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability.
APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.
APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.
Open redirect vulnerability in Adobe Connect 12.9 and earlier allows remote attackers to redirect users to arbitrary websites by crafting malicious links, requiring victim interaction to click the link. The vulnerability has low confidentiality impact with CVSS 4.3 and no confirmed active exploitation or public exploit code at time of analysis.
A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.
Authenticated denial-of-service in Fortinet FortiOS allows a high-privileged user to crash the HTTP daemon via a specially crafted API request. The root cause is an unchecked return value (CWE-252) that triggers a null pointer dereference in the HTTP daemon, resulting in a temporary service disruption. EPSS exploitation probability is 0.06% (20th percentile), no KEV listing, and no public exploit identified at time of analysis, placing this as low operational priority despite network-reachable attack vector.
Sensitive 2FA-related information is written to FortiOS log files and exposed via diagnose commands, allowing a highly privileged attacker with at least read-only administrative access to recover two-factor authentication data. Affected versions span FortiOS 6.4 through 7.6.3 and FortiProxy across all versions per CPE data, representing a wide installed base. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.04% at the 13th percentile reflects minimal real-world exploitation pressure at this time.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.