683 matches found

OSV
added 2026/05/15 1:59 p.m. | 5 views

OESA-2026-2292 thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2. CVE-2026-8090 Memory safety bu...

9.8 CVSS | 6 AI score | 0.00446 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2026/05/15 12:0 a.m. | 9 views

MiracleLinux 9 : thunderbird-140.10.0-1.el9_7.ML.1 (AXSA:2026-616:11)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-616:11 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the...

9.8 CVSS | 6.1 AI score | 0.04938 EPSS
Exploits 1 | References 26

ATTACKERKB
added 2026/05/14 8:51 p.m. | 7 views

CVE-2026-44700

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

8.7 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits 0 | References 6 | Affected Software 1

UbuntuCve
added 2026/05/14 8:17 p.m. | 8 views

CVE-2026-8526

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 6.2 AI score | 0.00383 EPSS
Exploits 0 | References 3

RedHat Linux
added 2026/05/14 7:58 p.m. | 8 views

firefox: thunderbird: Incorrect boundary conditions in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC component...

7.5 CVSS | 5.7 AI score | 0.00306 EPSS
Exploits 0 | References 6

Cvelist
added 2026/05/14 7:52 p.m. | 32 views

CVE-2026-8526

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.00383 EPSS
Exploits 0 | References 2

RedHat Linux
added 2026/05/14 7:50 p.m. | 9 views

firefox: thunderbird: Use-after-free in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the WebRTC component...

7.5 CVSS | 5.7 AI score | 0.004 EPSS
Exploits 0 | References 6

Amazon
added 2026/05/14 12:0 a.m. | 11 views

Important: firefox

Issue Overview: Double-Free / Use-After-Free (UAF) in the IntoIter::drop and ThinVec::clear functions in the thin_vec crate. A panic in ptr::drop_in_place skips setting the length to zero. CVE-2026-6654 Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150,...

9.8 CVSS | 6.2 AI score | 0.04938 EPSS
Exploits 2

Tenable Nessus
added 2026/05/14 12:0 a.m. | 14 views

RHEL 9 : firefox (RHSA-2026:17687)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17687 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

9.8 CVSS | 6.1 AI score | 0.04938 EPSS
Exploits 1 | References 52

Tenable Nessus
added 2026/05/14 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8526

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...

8.8 CVSS | 6.2 AI score | 0.00383 EPSS
Exploits 0 | References 2

SUSE CVE
added 2026/05/13 3:34 a.m. | 14 views

SUSE CVE-2026-43415

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend. In ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel the UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op, POST_CHANGE). This creates a race...

4.7 CVSS | 5.7 AI score | 0.00089 EPSS
Exploits 0 | References 3

OSV
added 2026/05/12 12:0 p.m. | 7 views

SUSE-SU-2026:1830-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Updated to Firefox Extended Support Release 140.10.2 ESR (bsc#1264378, MFSA 2026-41): - CVE-2026-8090: Use-after-free in the DOM: Networking component. - CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and...

9.8 CVSS | 6 AI score | 0.00446 EPSS
Exploits 0 | References 11

OSV
added 2026/05/12 12:0 p.m. | 5 views

SUSE-SU-2026:1829-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Updated to Firefox Extended Support Release 140.10.1 ESR (bsc#1263110, MFSA 2026-36): - CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component. - CVE-2026-7321: Sandbox escape due to incorrect...

9.6 CVSS | 6 AI score | 0.00375 EPSS
Exploits 0 | References 6

RedhatCVE
added 2026/05/08 10:33 p.m. | 8 views

CVE-2026-7951

An out of bounds write flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496266456...

8.8 CVSS | 5.7 AI score | 0.00383 EPSS
Exploits 0 | References 5

UbuntuCve
added 2026/05/08 3:16 p.m. | 11 views

CVE-2026-43415

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend. In ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel the UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op, POST_CHANGE). This creates a race...

4.7 CVSS | 5.7 AI score | 0.00089 EPSS
Exploits 0 | References 7

CVE
added 2026/05/08 2:21 p.m. | 18 views

CVE-2026-43415

CVE-2026-43415 describes a race in the Linux kernel’s UFS host controller driver (scsi: ufs: core) during UFS suspend. The issue arises because cancel_delayed_work_sync() is invoked after ufshcd_vops_suspend(..., POST_CHANGE), allowing ufshcd_rtc_work() to race with suspend operations and potenti...

4.7 CVSS | 5.8 AI score | 0.00089 EPSS
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2026/05/08 2:21 p.m. | 30 views

CVE-2026-43415 scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend. In ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel the UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op, POST_CHANGE). This creates a race...

0.00089 EPSS
Exploits 0 | References 5

ATTACKERKB
added 2026/05/08 2:21 p.m. | 7 views

CVE-2026-43415

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend. In ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel the UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op, POST_CHANGE). This creates a race...

4.7 CVSS | 5.7 AI score | 0.00089 EPSS
Exploits 0 | References 6 | Affected Software 1

Positive Technologies
added 2026/05/08 12:0 a.m. | 12 views

PT-2026-39076

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists in the ufshcd_wl_suspend function. The cancel_delayed_work_sync call is positioned after ufshcd_vops_suspend, allowing ufshcd_rtc_work to run while ufshcd vops...

4.7 CVSS | 5.8 AI score | 0.00089 EPSS
Exploits 0 | References 17

Positive Technologies
added 2026/05/08 12:0 a.m. | 14 views

PT-2026-39291

Name of the Vulnerable Software and Affected Versions: Elixir WebRTC versions prior to 0.15.1; Elixir WebRTC versions prior to 0.16.1. Description: Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. When acting as th...

8.7 CVSS | 5.9 AI score | 0.00255 EPSS
Exploits 0 | References 11