Skip to main content
CVE-2025-71096 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid if it does not.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71098 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ip6_gre: make ip6gre_header() robust Over the years, syzbot found many ways to crash the kernel in ip6gre_header() [1].

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71097 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix reference count leak when using error routes with nexthop objects When a nexthop object is deleted, it is marked as dead and then fib_table_flush() is called to flush all the routes that are using the dead nexthop.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71094 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asix_read_phy_addr().

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71087 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues in iavf_config_rss_reg() There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory [1] and out-of-bounds writes to device registers.

Linux Debian Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71085 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head().

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71084 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix leaking the multicast GID table reference If the CM ID is destroyed while the CM event for multicast creating is still queued the cancel_work_sync() will prevent the work from running which also prevents destroying the ah_attr.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71083 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer deref for evicted BOs It is possible for a BO to exist that is not currently associated with a resource, e.g. because it has been evicted.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71079 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write A deadlock can occur between nfc_unregister_device() and rfkill_fop_write() due to lock ordering inversion between device_lock and rfkill_global_mutex.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71077 MEDIUM PATCH This Month

CVE-2025-71077 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71095 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix the crash issue for zero copy XDP_TX action There is a crash issue when running zero copy XDP_TX action, the crash log is shown below.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20932 MEDIUM PATCH This Month

Windows File Explorer information disclosure allows local authenticated users to access sensitive data without authorization. This medium-severity vulnerability affects multiple Windows versions including Windows 11 (24h2 and 25h2), Windows 10 1809, and Windows Server 2019, but no patch is currently available.

Windows Windows 11 24h2 Windows Server 2019 Windows 11 25h2 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20862 MEDIUM PATCH This Month

Windows Management Services on Windows 10, 11, and Server 2022 expose sensitive information through an information disclosure vulnerability that allows authenticated local users to read confidential data. An attacker with valid credentials can exploit this to access information they should not be authorized to view, though no remote exploitation or system modification is possible. No patch is currently available for affected systems.

Windows Windows 11 23h2 Windows 10 22h2 Windows Server 2022 23h2 Windows 11 25h2 +7
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20838 MEDIUM PATCH This Month

Sensitive information disclosure in the Windows Kernel error message handling allows local authenticated users to read confidential data they shouldn't have access to. The vulnerability affects Windows and Windows Server 2022/2025 platforms and requires valid credentials to exploit, limiting its attack surface. No patch is currently available for this medium-severity issue.

Linux Windows Windows Server 2022 Windows Server 2025 Windows Server 2022 23h2 +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20827 MEDIUM PATCH This Month

Information disclosure in Windows Tablet UI (TWINUI) subsystem allows authenticated local users to read sensitive data on affected Windows 11 and Windows Server systems. An attacker with local access can exploit this to retrieve confidential information without requiring user interaction. No patch is currently available for this medium-severity vulnerability.

Windows Windows 11 23h2 Windows Server 2016 Windows 11 24h2 Windows Server 2022 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20823 MEDIUM PATCH This Month

Information disclosure in Windows File Explorer enables local authenticated users to read sensitive data on affected Windows systems including Windows 10 and Windows Server 2025. An attacker with valid local credentials can exploit this vulnerability to access confidential information without requiring user interaction. No patch is currently available for this issue.

Windows Windows Server 2025 Windows 10 22h2 Windows 10 21h2 Windows Server 2022 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20829 MEDIUM PATCH This Month

Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. [CVSS 5.5 MEDIUM]

Windows Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 Windows Server 2022 23h2 +7
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20819 MEDIUM PATCH This Month

Improper pointer validation in Windows VBS Enclave allows authenticated local users to read sensitive information on Windows 11 systems across multiple versions. An attacker with local access and valid credentials can exploit this memory safety flaw to bypass enclave protections and disclose confidential data. No patch is currently available.

Windows Windows 11 25h2 Windows 11 23h2 Windows 11 24h2 Microsoft
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71081 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails during DAI probe.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20839 MEDIUM PATCH This Month

Information disclosure in Windows Client-Side Caching Service allows authenticated local users to read sensitive data on affected systems including Windows 10, Windows 11, and Windows Server editions. An attacker with valid credentials can exploit improper access controls to access cached information without additional user interaction. No patch is currently available for this vulnerability.

Windows Windows 10 21h2 Windows 11 25h2 Windows Server 2008 Windows Server 2025 +11
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20939 MEDIUM PATCH This Month

Windows File Explorer information disclosure affects Windows 10 and 11 systems, allowing local authenticated attackers to access sensitive data through improper access controls. The vulnerability requires valid user credentials and local system access, posing a risk in multi-user or shared computing environments where sensitive files may be exposed to other authorized users.

Windows Windows Server 2022 23h2 Windows 11 24h2 Windows 10 21h2 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20937 MEDIUM PATCH This Month

Windows File Explorer improperly restricts access to sensitive information, enabling authenticated local users to read confidential data without authorization. This vulnerability affects Windows 10 across multiple versions (1607, 1809, 21H2, 22H2) and requires valid user credentials and local system access to exploit. Currently, no patch is available to remediate this information disclosure issue.

Windows Windows Server 2022 Windows 10 21h2 Windows 10 22h2 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71090 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg() nfsd4_add_rdaccess_to_wrdeleg() unconditionally overwrites fp->fi_fds[O_RDONLY] with a newly acquired nfsd_file.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71088 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: fallback earlier on simult connection Syzkaller reports a simult-connect race leading to inconsistent fallback status: WARNING: CPU: 3 PID: 33 at net/mptcp/subflow.c:1515 subflow_data_ready+0x40b/0x7c0 net/mptcp/subflow.c:1515 Modules linked in: CPU: 3 UID: 0 PID: 33 Comm: ksoftirqd/3 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:subflow_data_ready+0x40b/0x7c0 net/mptcp/subflow.c:1515 Code: 89 ee e8 78 61 3c f6 40 84 ed 75 21 e8 8e 66 3c f6 44 89 fe bf 07 00 00 00 e8 c1 61 3c f6 41 83 ff 07 74 09 e8 76 66 3c f6 90 <0f> 0b 90 e8 6d 66 3c f6 48 89 df e8 e5 ad ff ff 31 ff 89 c5 89 c6 RSP: 0018:ffffc900006cf338 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff888031acd100 RCX: ffffffff8b7f2abf RDX: ffff88801e6ea440 RSI: ffffffff8b7f2aca RDI: 0000000000000005 RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000007 R10: 0000000000000004 R11: 0000000000002c10 R12: ffff88802ba69900 R13: 1ffff920000d9e67 R14: ffff888046f81800 R15: 0000000000000004 FS: 0000000000000000(0000) GS:ffff8880d69bc000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000560fc0ca1670 CR3: 0000000032c3a000 CR4: 0000000000352ef0 Call Trace: <TASK> tcp_data_queue+0x13b0/0x4f90 net/ipv4/tcp_input.c:5197 tcp_rcv_state_process+0xfdf/0x4ec0 net/ipv4/tcp_input.c:6922 tcp_v6_do_rcv+0x492/0x1740 net/ipv6/tcp_ipv6.c:1672 tcp_v6_rcv+0x2976/0x41e0 net/ipv6/tcp_ipv6.c:1918 ip6_protocol_deliver_rcu+0x188/0x1520 net/ipv6/ip6_input.c:438 ip6_input_finish+0x1e4/0x4b0 net/ipv6/ip6_input.c:489 NF_HOOK include/linux/netfilter.h:318 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ip6_input+0x105/0x2f0 net/ipv6/ip6_input.c:500 dst_input include/net/dst.h:471 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline] NF_HOOK include/linux/netfilter.h:318 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0x264/0x650 net/ipv6/ip6_input.c:311 __netif_receive_skb_one_core+0x12d/0x1e0 net/core/dev.c:5979 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6092 process_backlog+0x442/0x15e0 net/core/dev.c:6444 __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7494 napi_poll net/core/dev.c:7557 [inline] net_rx_action+0xa9f/0xfe0 net/core/dev.c:7684 handle_softirqs+0x216/0x8e0 kernel/softirq.c:579 run_ksoftirqd kernel/softirq.c:968 [inline] run_ksoftirqd+0x3a/0x60 kernel/softirq.c:960 smpboot_thread_fn+0x3f7/0xae0 kernel/smpboot.c:160 kthread+0x3c2/0x780 kernel/kthread.c:463 ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> The TCP subflow can process the simult-connect syn-ack packet after transitioning to TCP_FIN1 state, bypassing the MPTCP fallback check, as the sk_state_change() callback is not invoked for * -> FIN_WAIT1 transitions.

Linux Debian Authentication Bypass
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21303 MEDIUM This Month

Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier allows disclosure of sensitive information from application memory. Exploitation requires a local user to open a specially crafted malicious file. No patch is currently available for this vulnerability.

Buffer Overflow Information Disclosure Substance 3d Modeler
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21302 MEDIUM This Month

Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier enables disclosure of sensitive data from process memory when a user opens a crafted file. The vulnerability requires user interaction to exploit but carries no availability or integrity impact. No patch is currently available for affected versions.

Buffer Overflow Information Disclosure Substance 3d Modeler
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21308 MEDIUM This Month

Out-of-bounds memory read in Substance 3D Designer 15.0.3 and earlier allows attackers to disclose sensitive information from application memory by tricking users into opening malicious files. The vulnerability requires local access and user interaction but carries no patch availability. This medium-severity flaw affects designers and creative professionals using vulnerable versions of the software.

Buffer Overflow Information Disclosure Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21278 MEDIUM This Month

Memory disclosure in Adobe InDesign versions 21.0, 19.5.5 and earlier through out-of-bounds read allows attackers to access sensitive information from application memory when users open specially crafted malicious files. This vulnerability requires user interaction to exploit but requires no special privileges to trigger. No patch is currently available for affected versions.

Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20833 MEDIUM PATCH This Month

Windows Server 2008 versions up to - is affected by use of a broken or risky cryptographic algorithm (CVSS 5.5).

Windows Windows Server 2022 23h2 Windows Server 2025 Windows Server 2008 Windows Server 2019 +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71080 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT On PREEMPT_RT kernels, after rt6_get_pcpu_route() returns NULL, the current task can be preempted.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71076 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit num_syncs to prevent oversized allocations The OA open parameters did not validate num_syncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71072 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: shmem: fix recovery on rename failures maple_tree insertions can fail if we are seriously short on memory; simple_offset_rename() does not recover well if it runs into that. The same goes for simple_offset_rename_exchange().

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21301 MEDIUM This Month

Substance 3D Modeler versions 1.22.4 and earlier contain a null pointer dereference vulnerability that causes application crashes when processing specially crafted files. An attacker can exploit this denial-of-service condition by tricking users into opening a malicious project file, requiring no special privileges but user interaction to trigger the crash.

Null Pointer Dereference Substance 3d Modeler
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21300 MEDIUM This Month

Substance 3D Modeler versions 1.22.4 and earlier contain a null pointer dereference flaw that causes application crashes when a user opens a specially crafted file. This local denial-of-service vulnerability requires user interaction and currently lacks a security patch. The medium severity issue (CVSS 5.5) impacts availability but does not compromise confidentiality or integrity.

Null Pointer Dereference Substance 3d Modeler
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21288 MEDIUM This Month

Adobe Illustrator versions 29.8.3 and 30.0 and earlier are vulnerable to a null pointer dereference that enables local denial-of-service attacks when users open crafted files. An attacker can crash the application by supplying a malicious file, disrupting workflow for targeted users. No patch is currently available for this vulnerability.

Adobe Null Pointer Dereference Denial Of Service Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-68823 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ublk: fix deadlock when reading partition table When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur: 1. bdev_open() grabs disk->open_mutex 2. [CVSS 5.5 MEDIUM]

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-9435 MEDIUM PATCH This Month

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module [CVSS 5.5 MEDIUM]

Path Traversal Manageengine Admanager Plus
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-0890 MEDIUM PATCH This Month

DOM spoofing in Mozilla Firefox and Thunderbird's copy, paste, and drag-and-drop functionality allows unauthenticated attackers to deceive users into performing unintended actions through crafted content. The vulnerability affects Firefox versions below 147 and ESR versions below 140.7, as well as Thunderbird versions below 147 and 140.7, requiring user interaction to exploit. No patch is currently available.

Mozilla Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-14001 MEDIUM This Month

The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. [CVSS 5.4 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-37178 MEDIUM This Month

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. [CVSS 5.3 MEDIUM]

Denial Of Service Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-37179 MEDIUM This Month

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. [CVSS 5.3 MEDIUM]

Denial Of Service Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-68949 MEDIUM PATCH This Month

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. [CVSS 5.3 MEDIUM]

Code Injection N8n
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20927 MEDIUM PATCH This Month

Windows SMB Server denial of service via race condition affects Windows 10 21h2, Windows 11 24h2, and Windows Server 2022, allowing authenticated attackers to disrupt service availability through improper synchronization of shared resources. The vulnerability requires network access and specific conditions to trigger but carries no patch availability at this time. Impact is limited to availability with no confidentiality or integrity compromise.

Windows Race Condition Windows Server 2022 Windows 11 24h2 Windows 10 21h2 +12
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20936 MEDIUM PATCH This Month

Information disclosure in Windows NDIS allows a privileged local attacker with physical access to read sensitive kernel memory regions on Windows 10 and Windows 11 systems. The vulnerability requires both authentication and direct hardware interaction, limiting its practical exploitation to scenarios where an attacker has already compromised system access. No patch is currently available for affected Windows versions including 10 (21h2, 22h2) and 11 (25h2).

Windows Windows 10 22h2 Windows 10 21h2 Windows 11 25h2 Windows Server 2012 +11
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68925 MEDIUM PATCH This Month

Jervis versions up to 2.2 is affected by improper verification of cryptographic signature (CVSS 5.3).

Jenkins Jervis
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0886 MEDIUM PATCH This Month

Improper boundary validation in the Graphics component of Firefox, Firefox ESR, and Thunderbird allows unauthenticated remote attackers to cause limited information disclosure over the network without user interaction. Affected versions include Firefox before 147, Firefox ESR before 115.32 and 140.7, and Thunderbird before 147 and 140.7. No patch is currently available for this medium-severity vulnerability.

Mozilla Buffer Overflow
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14507 MEDIUM This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. [CVSS 5.3 MEDIUM]

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0883 MEDIUM PATCH This Month

The Networking component in Firefox and Thunderbird discloses sensitive information to unauthenticated remote attackers over the network. Affected versions include Firefox below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7. No patch is currently available to remediate this vulnerability.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0888 MEDIUM PATCH This Month

Firefox and Thunderbird versions before 147 contain an information disclosure vulnerability in their XML processing component that allows unauthenticated attackers to access sensitive data over the network with minimal attack complexity. The vulnerability requires no user interaction and affects the confidentiality of information without impacting system integrity or availability. No security patch is currently available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15056 MEDIUM This Month

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.

XSS Quill
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy