Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12628
Total
849
Critical
3640
High
3960
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6760 | UNKNOWN | — | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6759 | HIGH | 7.5 | Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6758 | HIGH | 7.5 | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6757 | UNKNOWN | — | Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6756 | UNKNOWN | — | Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. | Apr 21, 2026 |
| CVE-2026-6755 | MEDIUM | 6.5 | Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6754 | HIGH | 7.5 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6753 | UNKNOWN | — | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6752 | HIGH | 7.3 | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6751 | HIGH | 7.3 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6750 | HIGH | 8.8 | Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6749 | HIGH | 7.5 | Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird … | Apr 21, 2026 |
| CVE-2026-6748 | CRITICAL | 9.8 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6747 | HIGH | 7.5 | Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6746 | HIGH | 7.5 | Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird … | Apr 21, 2026 |
| CVE-2026-40520 | HIGH | 7.2 | FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to … | Apr 21, 2026 |
| CVE-2026-32147 | UNKNOWN | — | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify … | Apr 21, 2026 |
| CVE-2026-41039 | UNKNOWN | — | This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could … | Apr 21, 2026 |
| CVE-2026-41038 | UNKNOWN | — | This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the … | Apr 21, 2026 |
| CVE-2026-6553 | UNKNOWN | — | Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database … | Apr 21, 2026 |
| CVE-2026-41037 | UNKNOWN | — | This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An … | Apr 21, 2026 |
| CVE-2026-41036 | UNKNOWN | — | This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit … | Apr 21, 2026 |
| CVE-2026-3317 | UNKNOWN | — | Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized … | Apr 21, 2026 |
| CVE-2026-39467 | HIGH | 7.2 | Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0. | Apr 21, 2026 |
| CVE-2025-13826 | UNKNOWN | — | Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of … | Apr 21, 2026 |