Lucene search
K

1371 matches found

Vulnrichment
Vulnrichment
added 2026/05/19 12:29 p.m.10 views

CVE-2026-8955 Privilege escalation in the DOM: Workers component

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

5.8AI score0.00386EPSS
Exploits0References5
CVE
CVE
added 2026/05/19 12:29 p.m.26 views

CVE-2026-8955

CVE-2026-8955 describes a privilege-escalation flaw in the DOM: Workers component. The vulnerability is fixed in Firefox 151 and Firefox ESR 140.11, as well as Thunderbird 151 and Thunderbird 140.11. The core issue is in the Workers implementation of the DOM, leading to elevated permissions. Per ...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References5Affected Software2
EUVD
EUVD
added 2026/05/19 12:29 p.m.13 views

EUVD-2026-30905

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.5CVSS5.8AI score0.00386EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/19 12:29 p.m.9 views

CVE-2026-8955

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

8.8CVSS5.8AI score0.00386EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

Mozilla多款产品 安全漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2026/05/19 12:0 a.m.20 views

KLA91062 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in...

9.8CVSS6.6AI score0.00605EPSS
Exploits0References3
Kaspersky
Kaspersky
added 2026/05/19 12:0 a.m.19 views

KLA91058 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. Denia...

9.8CVSS6.5AI score0.00605EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-41909

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description A privilege escalation issue exists within the DOM: Workers component...

9.6CVSS5.8AI score0.00532EPSS
Exploits0References194
Kaspersky
Kaspersky
added 2026/05/19 12:0 a.m.19 views

KLA91059 Multiple vulnerabilities in Mozilla Thunderbird ESR

Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability...

9.8CVSS6.6AI score0.00605EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-8955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

8.8CVSS5.9AI score0.00386EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 7:16 p.m.30 views

CVE-2026-44592

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

9.4CVSS0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 6:39 p.m.10 views

CVE-2026-44592 Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

9.4CVSS5.9AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 6:39 p.m.28 views

EUVD-2026-30365

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

9.4CVSS5.9AI score0.00157EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:42 a.m.12 views

Malicious code in 0ctf-chalweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d7a129ab6079febb92ceac3587af97653477bce8a65b8e85bfa5bcae0293b0d The package's entire content xss.js is a 2-line cookie-stealing payload that creates an Image element pointing to...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.10 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-017348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017348 advisory. A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, an...

4.4CVSS5.8AI score0.02555EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 12:0 a.m.9 views

MAL-2026-3644 Malicious code in camelotlabs-worker (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/07 12:0 a.m.7 views

MAL-2026-3640 Malicious code in camelotlabs-config (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.22 views

Malicious code in camelotlabs-sdk (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.17 views

Malicious code in camelotlabs-core (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.19 views

Malicious code in camelotlabs-utils (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
Rows per page
Query Builder