|
2751
|
9.1 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-8948
|
2026-05-20 23:53 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2752
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-8949
|
2026-05-20 23:49 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2753
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-8951
|
2026-05-20 23:48 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2754
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-346
Origin Validation Error
|
CVE-2026-8971
|
2026-05-20 23:41 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2755
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-8956
|
2026-05-20 23:31 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2756
|
9.6 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-20
CWE-119
CWE-693
Improper Input Validation
Incorrect Access of Indexable Resource ('Range Error')
Protection Mechanism Failure
|
CVE-2026-8959
|
2026-05-20 23:28 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2757
|
8.8 |
HIGH
Network
|
-
|
-
|
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-24425
|
2026-05-20 23:25 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2758
|
7.3 |
HIGH
Network
|
-
|
-
|
An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations.
|
CWE-284
Improper Access Control
|
CVE-2026-39250
|
2026-05-20 23:25 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2759
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be execute…
|
CWE-862
Missing Authorization
|
CVE-2026-44392
|
2026-05-20 23:25 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2760
|
4.0 |
MEDIUM
Local
|
-
|
-
|
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially i…
|
-
|
CVE-2025-31973
|
2026-05-20 23:23 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
