Common Vulnerabilities and Exposures (CVE)
CVE-2025-13024
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145 and Thunderbird < 145.
CVE-2025-13025
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.
CVE-2025-36134
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
CVE-2025-13026
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.
CVE-2025-13017
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13018
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13019
Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13020
Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-12043
The Autochat Automatic Conversation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_auycht_saveCid' AJAX endpoint in all versions up to, and including, 1.1.9. ...
CVE-2025-13027
Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability ...
CVE-2025-13414
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdash_watch_for_export() function in all versions up to, and including, 3.3.11. This makes it p...
CVE-2025-59485
Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where t...
CVE-2025-10646
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::get_rest_permission() method in all versions up to, and including, 2.5.7. This makes it possible ...
CVE-2025-6389
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then pas...
CVE-2025-12742
A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigat...