CVE-2026-6757 Invalid pointer in the JavaScript: WebAssembly component

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6757 Invalid pointer in the JavaScript: WebAssembly component

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6757

CVE-2026-6757 corresponds to an invalid pointer in the JavaScript: WebAssembly component. The connected advisories confirm affected products as Firefox (including Firefox 150 and Firefox ESR 140.10) and Thunderbird (150 and 140.10), with fixes in those respective versions. Several entries (ALSA p...

CVE-2026-6757

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6757

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6754

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6754

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6754

CVE-2026-6754 is a memory-safety issue (Use-after-free) in the JavaScript Engine component that was fixed in Firefox 150 and related ESR branches, as well as Thunderbird 150/140.x lines. Public advisories confirm the flaw in the JavaScript engine leads to a potentially exploitable memory corrupti...

CVE-2026-6754 Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6754 Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6754

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

EUVD-2026-24073

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

CVE-2026-3317 Reflected Cross-Site Scripting in Navigate CMS application

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

KLA90994 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A...

Docmost 跨站脚本漏洞

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.80.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the possibility of including JavaScript URIs as links when posting comments on pages...

PT-2026-34007

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

Infoopia Dovestones ADPhonebook 安全漏洞

Infoopia Dovestones ADPhonebook is a corporate address book management system developed by the Canadian company Infoopia. Versions of Infoopia Dovestones ADPhonebook prior to version 4.0.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the search parameter in the...

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function used in the...

Bludit 跨站脚本漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Previous versions of Bludit, such as 6732dde, had a cross-site scripting vulnerability. This vulnerability stemmed from the search plugin’s reflective cross-site scripting feature, which allowed...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from incomplete XSS repairs in the ParsedownSafeWithLinks class, as well as the lack of coverage for...