firefox: thunderbird: Use-after-free in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine: JIT component...

firefox: thunderbird: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component...

firefox: thunderbird: Integer overflow in the JavaScript: Standard Library component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the JavaScript: Standard Library component...

firefox: thunderbird: Use-after-free in the JavaScript: GC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript: GC component...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

firefox: thunderbird: Invalid pointer in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript Engine component...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

firefox: thunderbird: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

EUVD-2026-11027

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

EUVD-2026-11014

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

EUVD-2026-10962

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2026-27262

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

Improper Encoding or Escaping of Output

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the setReturnUrl function. An attacker can execute arbitrary JavaScript in the context of the application by supplying a crafted return URL...

CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization

Summary The fix for CVE-2025-35939 in craftcms/cms introduced a striptags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, striptags only removes HTML tags angle brackets -- it does not inspect or filter URL schemes. Payloads like...

CVE-2026-27223

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2026-27256

CVE-2026-27256 affects Adobe Experience Manager 6.5.23 and earlier. It is a stored XSS in form fields, allowing a low-privileged attacker to inject JavaScript executed in victims’ browsers. Remediation: update to 6.5.24 or later (vendor advisories indicate fixes were released).

EUVD-2026-10870

Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Code execution vulnerability in multiple Mozilla products (CNVD-2026-13444)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products that...