CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2805 matches found

OSV•added 2026/05/19 2:16 p.m.•3 views

UBUNTU-CVE-2026-8953

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

9.6CVSS5.8AI score0.00532EPSS

Exploits0References11

RedHat Linux•added 2026/05/19 1:55 p.m.•13 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.9.4 security update

The multicluster engine for Kubernetes 2.9 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.9 images The multicluster engine for Kubernetes provides the foundational components that are...

10CVSS6.8AI score0.00522EPSS

Exploits7References9

Vulnrichment•added 2026/05/19 12:29 p.m.•7 views

CVE-2026-8953 Sandbox escape due to use-after-free in the Disability Access APIs component

5.8AI score0.00532EPSS

Exploits0References6

EUVD•added 2026/05/19 12:29 p.m.•6 views

EUVD-2026-30901

9.6CVSS5.8AI score0.00532EPSS

Exploits0References6

Debian CVE•added 2026/05/19 12:29 p.m.•5 views

CVE-2026-8953

9.6CVSS5.8AI score0.00532EPSS

Exploits0

Positive Technologies•added 2026/05/19 12:0 a.m.•8 views

PT-2026-41907

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 115.36 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description A use-after-free issue in the Disability Access APIs...

9.8CVSS5.7AI score0.00605EPSS

Exploits0References142

CNNVD•added 2026/05/19 12:0 a.m.•8 views

Mozilla多款产品资源管理错误漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

9.6CVSS5.8AI score0.00532EPSS

Exploits0References1

Kaspersky•added 2026/05/19 12:0 a.m.•12 views

KLA91062 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in...

9.8CVSS6.6AI score0.00605EPSS

Exploits0References3

Tenable Nessus•added 2026/05/19 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-8953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.1...

9.6CVSS5.9AI score0.00532EPSS

Exploits0References2

Vulnrichment•added 2026/05/16 5:0 a.m.•7 views

CVE-2026-8657

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch and jsondiffpatch/formatters/jsonpatch.patch APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property...

8.8CVSS5.8AI score0.0037EPSS

Exploits0References7

EUVD•added 2026/05/16 5:0 a.m.•11 views

EUVD-2026-30670

8.8CVSS5.8AI score0.0037EPSS

Exploits0References7

RedhatCVE•added 2026/05/15 7:57 p.m.•5 views

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS

Exploits0References1

RedhatCVE•added 2026/05/15 7:57 p.m.•4 views

CVE-2026-45371

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...

7.2CVSS5.9AI score0.00207EPSS

Exploits0References1

Vulnrichment•added 2026/05/15 3:38 p.m.•10 views

CVE-2026-2031 Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution.

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to...

10CVSS6AI score0.00486EPSS

Exploits0References1

EUVD•added 2026/05/15 3:38 p.m.•10 views

EUVD-2026-30552

10CVSS6AI score0.00486EPSS

Exploits0References1

ATTACKERKB•added 2026/05/15 3:38 p.m.•4 views

CVE-2026-2031

10CVSS6AI score0.00486EPSS

Exploits0References2

RedhatCVE•added 2026/05/14 7:58 p.m.•5 views

CVE-2025-27853

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...

7.3CVSS5.8AI score0.00297EPSS

Exploits0References1