358298 matches found
CVE-2026-9507
A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...
CVE-2026-53899
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...
CVE-2026-53900
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...
CVE-2026-12323
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152...
CVE-2026-12324
Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12325
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37...
CVE-2026-12330
Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37...
CVE-2026-12326
Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152...
CVE-2026-12328
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
CVE-2026-12327
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...
CVE-2026-12329
Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12...
CVE-2026-12318
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152...
CVE-2026-12322
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152...
CVE-2026-12315
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12317
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152...
CVE-2026-12321
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152...
CVE-2026-12314
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12319
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152...
CVE-2026-12316
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152...
CVE-2026-12320
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152...
CVE-2026-12309
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12312
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12308
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12311
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12313
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12310
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12299
JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37...
CVE-2026-12305
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12303
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152...
CVE-2026-12306
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12298
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12300
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152...
CVE-2026-12301
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152...
CVE-2026-12304
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12307
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12302
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37...
CVE-2026-12289
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37...
CVE-2026-12293
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152...
CVE-2026-12292
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12291
Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37...
CVE-2026-12294
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37...
CVE-2026-12295
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37...
CVE-2026-12290
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37...
CVE-2026-12296
Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
CVE-2026-12297
Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37...
CVE-2026-40750
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...
CVE-2026-12225
syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...
CVE-2026-8484
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...
CVE-2026-10829
A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...
CVE-2026-10828
A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...