Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21901
Total
1562
Critical
6653
High
6999
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12304 | CRITICAL | 9.1 | Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-12303 | MEDIUM | 4.3 | Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Jun 16, 2026 |
| CVE-2026-12302 | MEDIUM | 6.5 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-12301 | MEDIUM | 5.3 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Jun 16, 2026 |
| CVE-2026-12300 | MEDIUM | 5.3 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Jun 16, 2026 |
| CVE-2026-12299 | MEDIUM | 5.4 | JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and … | Jun 16, 2026 |
| CVE-2026-12298 | MEDIUM | 5.4 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-12297 | UNKNOWN | — | Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird … | Jun 16, 2026 |
| CVE-2026-12296 | UNKNOWN | — | Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-12295 | UNKNOWN | — | Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-12294 | UNKNOWN | — | Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-12293 | UNKNOWN | — | Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Jun 16, 2026 |
| CVE-2026-12292 | UNKNOWN | — | Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-12291 | UNKNOWN | — | Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-12290 | UNKNOWN | — | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-12289 | HIGH | 8.8 | Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | Jun 16, 2026 |
| CVE-2026-8484 | UNKNOWN | — | A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the … | Jun 16, 2026 |
| CVE-2026-40750 | CRITICAL | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects … | Jun 16, 2026 |
| CVE-2026-12225 | UNKNOWN | — | syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user … | Jun 16, 2026 |
| CVE-2026-10829 | UNKNOWN | — | A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of … | Jun 16, 2026 |
| CVE-2026-10828 | UNKNOWN | — | A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and … | Jun 16, 2026 |
| CVE-2026-8442 | HIGH | 8.1 | The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to … | Jun 16, 2026 |
| CVE-2026-8176 | HIGH | 7.5 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and … | Jun 16, 2026 |
| CVE-2026-5416 | HIGH | 8.8 | Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in … | Jun 16, 2026 |
| CVE-2026-54198 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. | Jun 16, 2026 |