CVE-2026-12306
CVE-2026-12306 is a memory-safety vulnerability fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. The connected sources confirm the affected products and versions, with the Debian, Fedora, and OSV entries echoing the same remediation. Practical impact is a potential sec...
CVE-2026-12305
Memory-safety vulnerability CVE-2026-12305 affecting Mozilla Firefox and Thunderbird, fixed in Firefox 152 (including ESR 140.12) and Thunderbird 152/140.12. Root cause stated as memory safety bug; no exploitation details provided. Remediation: upgrade to Firefox 152 / ESR 140.12 and Thunderbird ...
CVE-2026-12304
CVE-2026-12304 involves a same-origin policy bypass in the Networking: Cookies component affecting Mozilla products. The vulnerability is documented for Firefox and Thunderbird (including firefox-esr and Thunderbird ESR variants) with fixes implemented in Firefox 152, Firefox ESR 140.12, Thunderb...
CVE-2026-12303
CVE-2026-12303 concerns information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. The vulnerability affects Firefox and Thunderbird and is fixed in Firefox 152 and Thunderbird 152. Root cause: boundary condition handling in WebGPU. Impact is information disclo...
CVE-2026-12302
CVE-2026-12302 is a mitigation bypass in the DOM: Security component that has been fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. Multiple advisories and vendor notes confirm the patch exists in these versions. Affected products in the conne...
CVE-2026-12301
CVE-2026-12301 is a memory-safety vulnerability that is fixed in Firefox 152 and Thunderbird 152. The connected sources consistently describe the issue as a memory-safety bug resolved by upgrading to Firefox 152/Thunderbird 152; no exploitation details are provided in the documents. Affected comp...
CVE-2026-12300
CVE-2026-12300 describes a memory-safety issue that was fixed in Firefox 152 and Thunderbird 152. The available sources confirm the affected products are Mozilla Firefox/Thunderbird, with the underlying problem labeled as a memory safety bug. The CVSS metrics in the initial document indicate a ba...
CVE-2026-12299
CVE-2026-12299 corresponds to a JIT miscompilation in the DOM: Core & HTML component. The issue affects Mozilla Firefox and related products; it has been fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. Debian and OSV entries corroborate the s...
CVE-2026-12298
CVE-2026-12298 is a memory safety bug that Mozilla has fixed in Thunderbird 152 and Firefox 152 (and Firefox ESR 140.12; Thunderbird 140.12). Affected products mentioned in the provided sources include Thunderbird and Firefox variants; Debian/OSV/Nessus references confirm the same fix exists acro...
CVE-2026-12297
CVE-2026-12297 describes a sandbox escape caused by incorrect boundary conditions in Mozilla Firefox/Thunderbird networking code. Affects Firefox and Thunderbird components; underlying fault is boundary-condition handling in the Networking component that allowed escape from the sandbox. Impact pe...
CVE-2026-12296
CVE-2026-12296 describes a sandbox escape in the Security: Process Sandboxing component. Affected products include Mozilla Firefox and Firefox ESR, and Mozilla Thunderbird with fixes implemented in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. The description does not ...
CVE-2026-12295
CVE-2026-12295 describes a sandbox escape in the DOM: Navigation component affecting Mozilla Firefox and Thunderbird. The vulnerability is fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. The entry lists a CVSS v3.1 base score of 9.6 (CRITICAL...
CVE-2026-12294
CVE-2026-12294 concerns a sandbox escape in the DOM: Workers component found in Mozilla products. The vulnerability affects Firefox (including Firefox 152 and ESR branches 140.12 and 115.37) and Thunderbird (152 and 140.12). The underlying issue is a sandbox escape in the Workers component, with ...
CVE-2026-12293
CVE-2026-12293 is a use-after-free in the Graphics: WebGPU component. The flaw is fixed in Firefox 152 and Thunderbird 152. Sources from NVD/Mozilla advisories confirm the issue and the patch versions; exploit details are not provided in the supplied documents. The vulnerability is classified wit...
CVE-2026-12292
CVE-2026-12292: Incorrect boundary conditions in the Web Audio component are fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. Affected software is Mozilla Firefox/Thunderbird Web Audio implementation; mitigation is upgrade to the stated fixed versions. Other con...
CVE-2026-12291
CVE-2026-12291 is a use‑after‑free defect in the Networking: HTTP component that affects Firefox and Thunderbird products. The vulnerability is fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. The CVSS 3.1 base score is 8.8 (HIGH) with network...
CVE-2026-12290
A memory-safety vulnerability affecting Mozilla Thunderbird and related Firefox components has been fixed in Thunderbird 152 and Firefox 152 (and ESR branches 140.12 and 115.37). The CVE-2026-12290 entry, and associated related CVEs cited in SUSE/OSV/Debian/Bugzilla/MFSA advisories, indicate a me...
CVE-2026-12289
CVE-2026-12289 describes a privilege-escalation vulnerability in the Graphics: WebRender component. The public description and connected advisories indicate this affects Mozilla Firefox and Thunderbird products, with fixes shipped in: Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbi...
CVE-2026-9507
CVE-2026-9507 affects osTicket v1.18.2. A session fixation flaw arises because the application does not invalidate the pre-authentication cookie or generate a new identifier for the authenticated context (OSTSESSID). As a result, an attacker could set a known session ID in the victim’s browser an...
CVE-2026-12225
CVE-2026-12225 affects syracom Secure Login (2FA) for Atlassian Jira, Confluence and Bitbucket (v3.4.0.x). The vulnerability enables an authentication bypass: an attacker with valid credentials can bypass 2FA by sending requests with a crafted User-Agent (e.g., AtlassianMobileApp, JIRA), allowing...
CVE-2026-40750
CVE-2026-40750: The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...
CVE-2026-8484
The CVE-2026-8484 entry describes a heap buffer overflow in the Jansi JNI "ioctl()" wrapper caused by missing size verification of the argument array before the system call. Affected software is Jansi (JNI wrapper) and, per sources, all versions are believed vulnerable. Consequences stated are hea...
CVE-2026-10829
CVE-2026-10829 affects the NPort W2150A-W4 / W2250A-W4 Series (versions 1.5 and earlier). The issue is a stack-based buffer overflow caused by insufficient input validation of the "Server location" parameter on the Basic settings web page. An attacker can send crafted input to the web service to ...
CVE-2026-10828
CVE-2026-10828 affects the NPort W2150A-W4/W2250A-W4 Serial Param config page, where the alias parameter is subject to a format-string vulnerability due to insufficient input validation in version 1.5 and earlier. This can lead to memory disclosure and potential ASLR bypass. No exploitation detai...
CVE-2026-8176
CVE-2026-8176 affects the LatePoint – Calendar Booking Plugin for WordPress. In versions up to 5.5.1, three independent flaws allow an authenticated Agent+ to overwrite a WordPress Administrator’s password without using an Administrator-only API, enabling privilege escalation to Administrator. Th...
CVE-2026-8442
The WP Review Slider Pro plugin for WordPress is affected up to version 12.6.8 by Arbitrary File Deletion due to missing authorization on the wpfb_hide_review and wprp_save_review_admin AJAX handlers and inadequate path validation in wpfb_hidereview_ajax(), which uses strpos() to verify the URL p...
CVE-2026-2381
The CVE concerns the WooCommerce Stripe Payment Gateway plugin for WordPress, affected in all versions up to 10.7.0. Root cause: missing capability check and missing order ownership/order_key verification in the wc_stripe_pay_for_order WC‑AJAX endpoint, with only a nonce validation. Impact: unaut...
CVE-2026-40809
CVE-2026-40809 concerns the WordPress Metro Magazine theme (versions
CVE-2026-49772
CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...
CVE-2026-49774
CVE-2026-49774 describes an "Improper Control of Generation of Code (Code Injection)" vulnerability in the WordPress RD Station plugin
CVE-2026-54198
CVE-2026-54198 affects the WordPress Media Library Assistant plugin up to version 3.35. The vulnerability is an unauthenticated cross-site scripting (XSS) in the plugin (reflected XSS per CVE record) with a CVSS 3.1 base score of 7.1 (HIGH). Attack vector: Network; privileges required: NONE; user...
CVE-2026-54191
CVE-2026-54191 corresponds to an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Pods plugin, affecting versions ≤ 3.3.8. The provided sources identify the affected product/version and describe the issue as XSS that can be triggered without authentication, with a CVSSv3....
CVE-2026-54197
The CVE-2026-54197 entry concerns the WordPress GetGenie plugin version <= 4.4.1, where an unauthenticated sensitive data exposure vulnerability is reported. Public documents consistently indicate exposure of sensitive data without authentication, affecting GetGenie
CVE-2026-54190
CVE-2026-54190: Unauthenticated Broken Access Control affects the WordPress plugin Envira Photo Gallery versions up to and including 1.12.5. The available sources describe an unauthenticated access control flaw in this plugin, with the vulnerability present in the affected release range. The co...
CVE-2026-52715
GEO my WordPress plugin (WordPress)
CVE-2026-52714
CVE-2026-52714 involves an unauthenticated broken access control in the WordPress SEO Plugin by Squirrly SEO, affected versions
CVE-2026-52711
CVE-2026-52711 affects the WordPress WooCommerce POS plugin, version
CVE-2026-52712
CVE-2026-52712 affects the WordPress Attendance Manager plugin version <= 0.6.2 and is described as a Subscriber SQL Injection vulnerability. The initial documents cite a CVSSv3.1 base score of 7.6 (High) with network attack vector, low attack complexity, and high confidentiality impact, but d...
CVE-2026-39581
CVE-2026-39581 documents a SQL Injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic for versions
CVE-2026-39574
CVE-2026-39574: Unauthenticated SQL injection in the WordPress InPost Gallery plugin, affected versions ≤ 2.1.4.6. Root cause and exact exploit details are not provided in the documents; CVSS v3.1 base score 9.3 (CRITICAL, NETWORK, no privileges required, user interaction: none). No remediation ...
CVE-2026-39490
The CVE-2026-39490 entry concerns the WordPress JupiterX Core plugin, affected at versions
CVE-2026-39437
The CVE-2026-39437 issue affects the WordPress plugin “Min Max Step Quantity Limits Manager for WooCommerce” (versions ≤ 5.2.2). The vulnerability is an unauthenticated Cross Site Scripting (XSS), described as reflected in Patchstack and corroborated by NVD/CVE listings. The root cause is an inpu...
CVE-2025-68045
CVE-2025-68045 concerns the WordPress WP Event Solution plugin, affected versions
CVE-2026-10825
Technical details such as affected products, specific versions, root-cause, and exploit information are not publicly provided in the supplied documents; monitor for updates.
CVE-2026-5416
The CVE-2026-5416 entry describes a command injection in a Managed Ethernet Switch caused by improper neutralization of special elements in a name parameter. It results in full system compromise with network-based, low-privilege, no-user-interaction exploitation (per CVSS 4.0/3.1 vectors). Connec...
CVE-2026-10093
CVE-2026-10093 describes a stored cross-site scripting vulnerability in the WordPress plugin File Sharing & Download Manager – User Private Files. Affected versions are all up to and including 2.1.6. The issue stems from insufficient input sanitization and output escaping in the fldr_ttl pa...
CVE-2026-8444
CVE-2026-8444 affects WordPress WP Review Slider Pro (get_results() without $wpdb->prepare(). This allows authenticated attackers with Subscriber-level access or higher to append additional SQL queries to existing queries and potentially extract sensitive database information. The provided met...
CVE-2026-46331
The CVE-2026-46331 issue affects the Linux kernel net/sched path (pedit action). The root cause was tcf_pedit_act() computing the COW write range once before the key loop using tcfp_off_max_hint, which did not account for runtime header offset from typed keys, potentially leaving part of the writ...
CVE-2025-9912
Nokia SR Linux is affected by CVE-2025-9912, a local privilege escalation vulnerability. An authenticated user may exploit it to execute arbitrary commands with superuser privileges. The provided sources identify the vendor/product and the impact (local LPE leading to root-level command execution...
CVE-2025-10262
Nokia SR Linux contains a local privilege escalation due to unsanitized format validation. An authenticated user can potentially execute arbitrary commands with superuser privileges. The affected product is Nokia SR Linux; root cause is unsanitized format validation. No explicit affected versions...