CVE-2026-11339

The affected device is D-Link DWR-M920 up to firmware 1.1.50 . The vulnerability resides in the function sub_41CF20 of the file /boafrm/formUSSDSetup ; manipulating the argument ussdValue results in command injection . It can be triggered remotely over the network, and the exploit is public. No r...

CVE-2026-40543

CVE-2026-40543 affects SOPlanning prior to v1.56, where backup functionalities lack authorization. An unauthenticated attacker can directly query backup endpoints to retrieve backup archives containing user databases (including usernames and password hashes) and the config.csv file with additiona...

Astra Linux - уязвимость в rustc

In the standard library of Rust before version 1.50.0, readtoend does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

CVE-2026-8973

Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

CVE-2026-8953 Sandbox escape due to use-after-free in the Disability Access APIs component

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8946

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8388 Incorrect boundary conditions in the JavaScript Engine: JIT component

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...

OESA-2026-2107 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

EUVD-2026-24103

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10...

EUVD-2026-24098

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10...

EUVD-2026-24088

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10...

CVE-2026-6785

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

CVE-2026-6781

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6774 Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6755 Mitigation bypass in the DOM: postMessage component

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6755 Mitigation bypass in the DOM: postMessage component

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6754

CVE-2026-6754 covers a use-after-free vulnerability in the JavaScript Engine component. The issue, described in multiple sources, was fixed in Firefox 150 and Firefox ESR 115.35 and 140.10. The connected records identify the vulnerability class (use-after-free) and the affected product family (Fi...

CVE-2026-6754 Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...