|
501
|
9.6 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140…
New
|
CWE-416
Use After Free
|
CVE-2026-8953
|
2026-05-20 03:45 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
502
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-8954
|
2026-05-20 03:42 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
503
|
4.3 |
MEDIUM
Network
|
microsoft
|
365_apps
office
office_long_term_servicing_channel
word
|
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-40421
|
2026-05-20 03:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
504
|
7.8 |
HIGH
Local
|
microsoft
|
office
office_long_term_servicing_channel
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42831
|
2026-05-20 03:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
505
|
5.5 |
MEDIUM
Local
|
microsoft
|
excel
office
office_long_term_servicing_channel
word
|
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
Update
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-42832
|
2026-05-20 03:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
506
|
7.5 |
HIGH
Network
|
h2o
|
h2o
|
A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFi…
Update
|
CWE-200
CWE-284
NVD-CWE-noinfo
Information Exposure
Improper Access Control
|
CVE-2026-8750
|
2026-05-20 03:22 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
507
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-42883
|
2026-05-20 03:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
508
|
6.2 |
MEDIUM
Network
|
-
|
-
|
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/featur…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42045
|
2026-05-20 03:19 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
509
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
Update
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8401
|
2026-05-20 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
510
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
Update
|
CWE-20
CWE-79
CWE-119
Improper Input Validation
Cross-site Scripting
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-8391
|
2026-05-20 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
