CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 4160 of 2562 results
«« First « Prev Page 3 / 129 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-12323 Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. 5.4 0.17% 2026-06-16 2026-06-17
CVE-2025-5270 In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139. 7.5 0.17% 2025-05-27 2026-06-17
CVE-2025-14744 Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0. 6.5 0.17% 2025-12-18 2026-06-17
CVE-2025-6434 The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 140. 4.3 0.17% 2025-06-24 2026-06-17
CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. 6.1 0.17% 2025-11-11 2026-06-17
CVE-2025-3859 Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138. 6.1 0.17% 2025-04-30 2026-06-17
CVE-2024-3860 An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125. 6.2 0.17% 2024-04-16 2026-06-17
CVE-2025-6426 The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12. 8.8 0.17% 2025-06-24 2026-06-17
CVE-2026-12313 Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 4.7 0.18% 2026-06-16 2026-06-17
CVE-2025-23109 Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134. 6.5 0.18% 2025-01-10 2026-06-17
CVE-2026-24868 Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2. 6.5 0.18% 2026-01-27 2026-06-17
CVE-2025-6428 When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140. 4.3 0.18% 2025-06-24 2026-06-17
CVE-2025-1939 Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136. 3.9 0.18% 2025-03-04 2026-06-17
CVE-2026-12320 Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. 4.3 0.18% 2026-06-16 2026-06-17
CVE-2025-6431 When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140. 6.5 0.18% 2025-06-24 2026-06-17
CVE-2025-5020 Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefox for iOS 139. 4.3 0.18% 2025-05-21 2026-06-17
CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. 4.3 0.18% 2025-05-27 2026-06-17
CVE-2026-2919 Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for iOS 148.2. 4.3 0.18% 2026-03-09 2026-06-17
CVE-2026-12311 Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 4.7 0.18% 2026-06-16 2026-06-17
CVE-2023-29532 A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10 5.5 0.18% 2023-06-19 2026-06-17
«« First « Prev Page 3 / 129 Next »
cvelogic Threat Intelligence