CVE-2026-20128

CVE-2026-20128 affects Cisco Catalyst SD-WAN Manager: Data Collection Agent stores the DCA password in a recoverable credential file on the filesystem, enabling an authenticated, local attacker with valid vManage credentials to read the file and gain DCA user privileges, potentially compromising ...

PT-2026-21955

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager versions prior to 20.18 Description A flaw in the Data Collection Agent DCA feature allows an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This issue is caused by the presenc...

PT-2026-22055

Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2026.1.14 Description The Model Context Protocol Servers software contains an issue where the git add tool does not properly validate file paths provided in the files argument. This allows relative paths...

Server-side Request Forgery (SSRF)

Overview payload is a Node, React and MongoDB Headless CMS and Application Framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the external file upload endpoint due to insufficient validation of HTTP redirects. An attacker can access internal network...

CVE-2026-27567

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...

CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...

CVE-2026-2795

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148 and Thunderbird 148...

CVE-2026-2802 Race condition in the JavaScript: GC component

Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2802

Race condition in the JavaScript: GC component. This vulnerability affects Firefox 148 and Thunderbird 148...

CVE-2026-2797

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

EUVD-2026-8451

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148...

CVE-2026-2795

Summary (based on provided docs): CVE-2026-2795 is a use-after-free in the JavaScript GC component, affecting Firefox versions before 148. The connected documents specify the vulnerability class and affected product/component but do not supply exploit details, remediation steps, or versioned impa...

EUVD-2026-8448

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148...

CVE-2026-2795 Use-after-free in the JavaScript: GC component

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2758 Use-after-free in the JavaScript: GC component

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

Mozilla多款产品 资源管理错误漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

Mozilla Thunderbird < 148.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 148.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-16 advisory. - Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of...

PT-2026-21760

Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.75.0 Description Payload is a free and open source headless content management system. A Server-Side Request Forgery SSRF issue exists in the external file upload functionality. Insufficient validation of HTTP...

Mozilla Firefox ESR < 140.8

The version of Firefox ESR installed on the remote Windows host is prior to 140.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-15 advisory. - Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and...

Mozilla Firefox < 148.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 148.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-13 advisory. - Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory...