CVE-2026-8948 Same-origin policy bypass in the DOM: Networking component

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

CVE-2026-8948

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

CVE-2026-8948 Same-origin policy bypass in the DOM: Networking component

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

EUVD-2026-30900

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

CVE-2026-8948

CVE-2026-8948: A same-origin policy bypass in the DOM: Networking component affecting Firefox and Thunderbird; fixed in Firefox 151 and Thunderbird 151. CVSS 3.1: 9.1 (CRITICAL), attack vector NETWORK, complexity LOW, no user interaction. No exploitation details provided in the documents. Remedia...

CVE-2026-8947 Use-after-free in the DOM: Bindings (WebIDL) component

Use-after-free in the DOM: Bindings WebIDL component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8947

CVE-2026-8947 describes a use-after-free in the DOM: Bindings (WebIDL) component of Firefox. The available sources confirm the issue and state it was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11. The documents do not provide exploit details, affected subcomponents beyond the W...

CVE-2026-8946

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-29226

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-29226

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-29226

CVE-2026-29226 describes a Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz triggered via Content component operations. Affected versions are before 24.09.06. The recommended remediation is to upgrade to version 24.09.06, which fixes the issue. The available connected sources conf...

EUVD-2026-30858

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-29207 Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

CVE-2026-29220

CVE-2026-29220 is a path traversal in Apache OFBiz (affects versions prior to 24.09.06). The root cause is improper limitation of a pathname to a restricted directory, exposing potential unauthorized access to files. The advisory’s impact, per CVSS 3.1, is a low confidentiality and integrity impa...

CVE-2026-29220 Apache OFBiz: Low-Privilege LFI in Content Component

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-29220 Apache OFBiz: Low-Privilege LFI in Content Component

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-8739

A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefilekey results in use of hard-coded...

PT-2026-41846

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...