446
CVEs
133
Critical
188
High
0
KEV
12
PoC
10
Unpatched C/H
93.5%
Patch Rate
0.3%
Avg EPSS
Severity Breakdown
CRITICAL
133
HIGH
188
MEDIUM
121
LOW
4
Monthly CVE Trend
Affected Products (27)
Thunderbird
42
Open Redirect
9
Firefox
5
PHP
5
Cors Misconfiguration
4
Node.js
3
Python
2
Prototype Pollution
2
H300s Firmware
1
H410c Firmware
1
H410s Firmware
1
AI / ML
1
H700s Firmware
1
Jwt Attack
1
Kubernetes
1
Mail Server
1
Neqo
1
Open Xchange Appsuite Frontend
1
Safari
1
H500s Firmware
1
Anything Llm
1
Bootstrap Os
1
Chrome
1
Curl
1
Debian Linux
1
Dify
1
Docker
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2024-4367 | Arbitrary JavaScript execution in Mozilla's PDF.js library affects Firefox before 126, Firefox ESR before 115.11, and Thunderbird before 115.11 when rendering a malicious PDF document. A missing type check in font handling lets a crafted PDF run JavaScript in the PDF.js context, and publicly available exploit code exists with an EPSS of 34.61% (97th percentile) indicating elevated exploitation likelihood. | HIGH | 8.8 | 34.6% | 109 |
PoC
|
| CVE-2026-4689 | A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system. | CRITICAL | 10.0 | 0.0% | 70 |
PoC
|
| CVE-2025-4918 | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 0.6% | 70 |
PoC
|
| CVE-2026-2796 | JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
|
| CVE-2025-8043 | Firefox and Thunderbird URL truncation flaw enables spoofing attacks by displaying misleading origins in the address bar. Affects all Firefox versions prior to 141 and corresponding Thunderbird releases. Attackers can craft URLs that hide the true destination, tricking users into visiting malicious sites. Publicly available exploit code exists. CVSS 9.8 critical rating reflects network-based attack requiring no authentication, though real-world exploitation requires social engineering (user interaction despite UI:N vector). | CRITICAL | 9.8 | 0.1% | 69 |
PoC
|
| CVE-2025-0247 | Memory safety bugs present in Firefox 133 and Thunderbird 133. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available. | CRITICAL | 9.8 | 15.1% | 64 |
|
| CVE-2025-0665 | A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, causing the same eventfd file descriptor to be closed twice. This affects curl version 8.11.1 and various NetApp products that bundle libcurl, potentially leading to file descriptor confusion, limited information disclosure, and high availability impact. A public proof-of-concept exploit is available (HackerOne report 2954286), and the vulnerability has a notably high EPSS score of 6.37% (91st percentile), indicating elevated real-world exploitation likelihood. | HIGH | 7.0 | 6.4% | 61 |
PoC
|
| CVE-2025-1937 | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 0.3% | 58 |
PoC
|
| CVE-2026-0889 | Service Workers in Mozilla Firefox and Thunderbird versions below 147 are vulnerable to remote denial-of-service attacks that require no user interaction or authentication. An unauthenticated attacker can crash affected applications over the network, and public exploit code exists for this vulnerability. Currently no patch is available for remediation. | HIGH | 7.5 | 0.0% | 58 |
PoC
|
| CVE-2025-3028 | JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.5 | 0.7% | 53 |
PoC
|
| CVE-2025-1015 | The Thunderbird Address Book URI fields contained unsanitized links. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.2% and no vendor patch available. | MEDIUM | 5.4 | 25.2% | 52 |
|
| CVE-2026-2761 | Second sandbox escape in Firefox WebRender component. CVSS 10.0 — independent path from CVE-2026-2760 to escape the content process sandbox. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2025-2857 | Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2026-2768 | Sandbox escape via IndexedDB in Firefox before 148 and Thunderbird. CVSS 10.0 — the Storage: IndexedDB component allows escaping the content process sandbox. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2026-2778 | Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release. | CRITICAL | 10.0 | 0.1% | 50 |
|