|
2861
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8962
|
2026-05-21 02:56 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2862
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-200
Information Exposure
|
CVE-2026-8965
|
2026-05-21 02:51 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2863
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-200
Information Exposure
|
CVE-2026-8966
|
2026-05-21 02:51 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2864
|
7.5 |
HIGH
Network
|
progress
|
moveit_automation
|
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-8485
|
2026-05-21 02:50 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2865
|
4.6 |
MEDIUM
Network
|
nozominetworks
|
cmc
guardian
|
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mal…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2025-40900
|
2026-05-21 02:35 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2866
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-269
Improper Privilege Management
|
CVE-2026-8970
|
2026-05-21 02:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2867
|
6.5 |
MEDIUM
Network
|
kilo
|
kilo_code_cli
|
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executi…
|
CWE-200
CWE-284
NVD-CWE-noinfo
Information Exposure
Improper Access Control
|
CVE-2026-8766
|
2026-05-21 02:34 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2868
|
4.0 |
MEDIUM
Physics
|
-
|
-
|
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m…
|
CWE-682
Incorrect Calculation
|
CVE-2023-7346
|
2026-05-21 02:33 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2869
|
7.2 |
HIGH
Network
|
-
|
-
|
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7613
|
2026-05-21 02:33 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2870
|
6.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId,
idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9087
|
2026-05-21 02:32 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
