CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33619 matches found

Github Security Blog•added 2026/05/19 4:31 p.m.•9 views

Budibase: Unrestricted Upload of File with Dangerous Type

Summary The file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions html, svg, js, php, etc. are conditionally wrapped inside if isPublicUser or if isPublicUser || !env.SELFHOSTED, meaning an...

7.6CVSS5.8AI score0.00033EPSS

Exploits0References4Affected Software1

NVD•added 2026/05/19 4:16 p.m.•8 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS0.00176EPSS

Exploits0References2

RedHat Linux•added 2026/05/19 4:14 p.m.•6 views

firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...

6.5CVSS5.7AI score0.00063EPSS

Exploits0References6

RedHat Linux•added 2026/05/19 4:14 p.m.•5 views

firefox: thunderbird: Use-after-free in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...

7.5CVSS5.7AI score0.00069EPSS

Exploits0References6

RedHat Linux•added 2026/05/19 4:14 p.m.•5 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.8CVSS5.7AI score0.00067EPSS

Exploits0References6

RedHat Linux•added 2026/05/19 4:14 p.m.•6 views

firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

6.3CVSS5.7AI score0.00048EPSS

Exploits0References6

NVD•added 2026/05/19 2:16 p.m.•8 views

CVE-2026-8969

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

8.1CVSS0.00043EPSS

Exploits0References3

NVD•added 2026/05/19 2:16 p.m.•9 views

CVE-2026-8965

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

7.5CVSS0.0004EPSS

Exploits0References3

NVD•added 2026/05/19 2:16 p.m.•6 views

CVE-2026-8948

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

9.1CVSS0.00039EPSS

Exploits0References3

OSV•added 2026/05/19 2:16 p.m.•3 views

UBUNTU-CVE-2026-8965

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

7.5CVSS5.8AI score0.0004EPSS

Exploits0References6

UbuntuCve•added 2026/05/19 2:16 p.m.•4 views

CVE-2026-8965

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

7.5CVSS5.8AI score0.0004EPSS

Exploits0References5

OSV•added 2026/05/19 2:16 p.m.•3 views

UBUNTU-CVE-2026-8969

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

8.1CVSS5.8AI score0.00043EPSS

Exploits0References6

OSV•added 2026/05/19 2:16 p.m.•4 views

UBUNTU-CVE-2026-8962

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

8.1CVSS5.8AI score0.00048EPSS

Exploits0References10

RedHat Linux•added 2026/05/19 1:24 p.m.•8 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00036EPSS

Exploits0References6

RedHat Linux•added 2026/05/19 1:23 p.m.•8 views

firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...

6.5CVSS5.7AI score0.00063EPSS

Exploits0References6

RedHat Linux•added 2026/05/19 1:23 p.m.•5 views

firefox: thunderbird: Use-after-free in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...

7.5CVSS5.7AI score0.00069EPSS

Exploits0References6