Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21901
Total
1562
Critical
6653
High
6999
Medium
CVE ID Severity Score Description Published
CVE-2026-12304 CRITICAL 9.1 Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-12303 MEDIUM 4.3 Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. Jun 16, 2026
CVE-2026-12302 MEDIUM 6.5 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-12301 MEDIUM 5.3 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. Jun 16, 2026
CVE-2026-12300 MEDIUM 5.3 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. Jun 16, 2026
CVE-2026-12299 MEDIUM 5.4 JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and … Jun 16, 2026
CVE-2026-12298 MEDIUM 5.4 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-12297 UNKNOWN Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird … Jun 16, 2026
CVE-2026-12296 UNKNOWN Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-12295 UNKNOWN Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-12294 UNKNOWN Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-12293 UNKNOWN Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. Jun 16, 2026
CVE-2026-12292 UNKNOWN Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-12291 UNKNOWN Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-12290 UNKNOWN Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-12289 HIGH 8.8 Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. Jun 16, 2026
CVE-2026-8484 UNKNOWN A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the … Jun 16, 2026
CVE-2026-40750 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects … Jun 16, 2026
CVE-2026-12225 UNKNOWN syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user … Jun 16, 2026
CVE-2026-10829 UNKNOWN A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of … Jun 16, 2026
CVE-2026-10828 UNKNOWN A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and … Jun 16, 2026
CVE-2026-8442 HIGH 8.1 The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to … Jun 16, 2026
CVE-2026-8176 HIGH 7.5 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and … Jun 16, 2026
CVE-2026-5416 HIGH 8.8 Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in … Jun 16, 2026
CVE-2026-54198 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. Jun 16, 2026