|
1221
|
7.1 |
HIGH
Local
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, …
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-40250
|
2026-04-23 03:41 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1222
|
7.1 |
HIGH
Local
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, …
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-40244
|
2026-04-23 03:41 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1223
|
5.3 |
MEDIUM
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer ove…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-39886
|
2026-04-23 03:41 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1224
|
6.3 |
MEDIUM
Local
|
nicolargo
|
glances
|
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`…
New
|
CWE-89
SQL Injection
|
CVE-2026-35588
|
2026-04-23 03:40 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1225
|
7.5 |
HIGH
Network
|
littlecms
|
little_cms
|
Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.
Update
|
CWE-696
CWE-190
Incorrect Behavior Order
Integer Overflow or Wraparound
|
CVE-2026-41254
|
2026-04-23 03:34 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1226
|
7.3 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-6753
|
2026-04-23 02:40 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1227
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
New
|
CWE-200
Information Exposure
|
CVE-2026-6756
|
2026-04-23 02:40 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1228
|
6.3 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
New
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2026-6757
|
2026-04-23 02:39 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1229
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-6760
|
2026-04-23 02:38 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1230
|
6.3 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-6762
|
2026-04-23 02:38 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
