Lucene search
+L

329 matches found

CNVD
CNVD
added 2026/06/30 12:0 a.m.3 views

Multiple Mozilla products have buffer overflow vulnerabilities (CNVD-2026-26388)

Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Several Mozilla products have buffer overflow vulnerabilities...

9.6CVSS6.2AI score0.00393EPSS
Exploits0
OSV
OSV
added 2026/06/26 12:3 p.m.6 views

RLSA-2026:29940 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component CVE-2026-12313 firefox:...

7.5CVSS5.8AI score0.00476EPSS
Exploits0References30
OSV
OSV
added 2026/06/25 12:0 a.m.4 views

ALSA-2026:29940 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component CVE-2026-12313 firefox:...

9.6CVSS5.8AI score0.00476EPSS
Exploits0References60
OSV
OSV
added 2026/06/23 1:27 p.m.4 views

SUSE-SU-2026:2582-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.12.0 ESR MFSA 2026-58, bsc1268071: - CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. - CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12291: Use-after-free in the...

9.6CVSS5.9AI score0.00476EPSS
Exploits0References31
AlmaLinux
AlmaLinux
added 2026/06/22 12:0 a.m.7 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process...

9.6CVSS5.8AI score0.00476EPSS
Exploits0References60
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.10 views

Mozilla Firefox < 152.0

The version of Firefox installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-57 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References41
NVD
NVD
added 2026/06/10 11:16 p.m.11 views

CVE-2026-47712

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS0.00139EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2026/06/07 12:0 a.m.8 views

p5-ack -- Multiple issues

Ack project reports: CVE-2026-49147: filename ANSI escape sequences CVE-2026-49146: project .ackrc -A -B -C memory exhaustion CVE-2026-49145: project .ackrc --follow / --files-from file exfiltration...

7.5CVSS5.4AI score0.0038EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.13 views

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

9.1CVSS5.6AI score0.00362EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/05 6:26 p.m.33 views

CVE-2026-46394 HAX CMS Vulnerable to Command Injection using Git.php

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via procopen. An...

7.7CVSS0.00768EPSS
Exploits1References1
OSV
OSV
added 2026/06/05 12:4 p.m.9 views

RLSA-2026:22325 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

7.5CVSS5.5AI score0.00605EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.22 views

RockyLinux 10 : firefox (RLSA-2026:21380)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21380 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References37
NVD
NVD
added 2026/06/01 4:16 a.m.20 views

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

9.1CVSS0.00362EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/01 3:33 a.m.17 views

EUVD-2026-33552

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

9.1CVSS5.9AI score0.00362EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/01 3:33 a.m.47 views

CVE-2026-48188 SQL Injection via MySQL Quote Method

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

9.1CVSS0.00362EPSS
Exploits1References1
CVE
CVE
added 2026/06/01 3:33 a.m.49 views

CVE-2026-48188

OTRS (including the ((OTRS)) Community Edition) has a SQL injection in the database layer module that allows unauthenticated access to bypass authentication, triggered when MySQL/MariaDB is configured with NO_BACKSLASH_ESCAPES. Affected versions include 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2...

9.1CVSS5.9AI score0.00362EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45260

Name of the Vulnerable Software and Affected Versions OTRS versions 7.0.x through 2026.3.x OTRS Community Edition version 6.0.x Description Improper input validation in the database layer module allows an unauthenticated SQL injection, which can lead to an authentication bypass. This enables...

9.1CVSS5.6AI score0.00362EPSS
Exploits1References8
EUVD
EUVD
added 2026/05/29 1:14 p.m.14 views

EUVD-2026-33310

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.14 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/27 4:24 p.m.19 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References20
Rows per page
Query Builder