CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/01 11:24 a.m.•11 views

CVE-2026-9309

CVE-2026-9309 affects Firefox for iOS Reader View. The issue is improper escaping of HTML tags in JSON-LD metadata, enabling a malicious page to inject markup that leaks sensitive URL parameters and could lead to arbitrary JavaScript execution in an internal origin. Impact is described as access ...

Exploits0References2Affected Software1

AlpineLinux•added 2026/06/01 11:24 a.m.•7 views

CVE-2026-9309

EUVD•added 2026/06/01 11:24 a.m.•6 views

EUVD-2026-33630

Vulnrichment•added 2026/06/01 11:24 a.m.•8 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.9AI score0.00041EPSS

ATTACKERKB•added 2026/06/01 11:24 a.m.•7 views

CVE-2026-9308

EUVD•added 2026/06/01 11:24 a.m.•5 views

Exploits0References3

EUVD-2026-33629

CVE•added 2026/06/01 11:24 a.m.•14 views

CVE-2026-9308

CVE-2026-9308 affects Firefox for iOS Reader View. The issue occurs when HTML templates are processed before internal placeholders are replaced, allowing a malicious page to substitute a placeholder with JSON-LD data and potentially execute arbitrary JavaScript. The fix is in Firefox for iOS 151....

Exploits0References2Affected Software1

Cvelist•added 2026/06/01 11:24 a.m.•26 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

0.00041EPSS

AlpineLinux•added 2026/06/01 11:24 a.m.•6 views

CVE-2026-9308

Wired Threat Level•added 2026/06/01 9:30 a.m.•15 views

Websites Can Now Spy on You Through Your Hard Drive

Thanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript...

5.8AI score

Exploits0

Nuclei•added 2026/06/01 5:38 a.m.•116 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8CVSS7.9AI score0.92863EPSS

Exploits0References5

RedHat Linux•added 2026/06/01 3:18 a.m.•10 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.00076EPSS

Exploits1References5

Positive Technologies•added 2026/06/01 12:0 a.m.•8 views

PT-2026-45648

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description Kiteworks is a private data network PDN. A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript...

8.2CVSS5.6AI score0.00037EPSS

Exploits0References5

CNNVD•added 2026/06/01 12:0 a.m.•6 views

OFCMS SQL Injection Vulnerability

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SysUserController.java file within the JSON query interface...

6.5CVSS6.6AI score0.00031EPSS

Exploits0References5

Mozilla•added 2026/06/01 12:0 a.m.•16 views

Security Vulnerabilities fixed in Firefox for iOS 151.2 — Mozilla

Exploits0References2Affected Software1

Tenable Nessus•added 2026/06/01 12:0 a.m.•8 views

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2026:2109-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2109-1 advisory. This update for MozillaFirefox fixes the following issues Update to Firefox Extended Support Release 140.11.0...

9.8CVSS6AI score0.00164EPSS

Exploits0References51

OSV•added 2026/06/01 12:0 a.m.•4 views

ALSA-2026:22325 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

9.8CVSS5.9AI score0.00164EPSS

Exploits0References40

CNNVD•added 2026/06/01 12:0 a.m.•8 views

Mozilla Firefox for iOS security vulnerabilities

Mozilla Firefox for iOS is a web browser designed for iOS devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for iOS prior to 151.2 contained a security vulnerability. This vulnerability stemmed from Reader View replacing the page content in the HTML template befo...

Positive Technologies•added 2026/06/01 12:0 a.m.•11 views

PT-2026-45411