|
261
|
8.8 |
HIGH
Network
|
mozilla
|
firefox thunderbird
|
Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary …
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-8973
|
2026-05-21 02:50 |
2026-05-19 |
|
262
|
7.5 |
HIGH
Network
|
progress
|
moveit_automation
|
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-8485
|
2026-05-21 02:50 |
2026-05-20 |
|
263
|
4.6 |
MEDIUM
Network
|
nozominetworks
|
cmc guardian
|
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mal…
New
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2025-40900
|
2026-05-21 02:35 |
2026-05-19 |
|
264
|
8.8 |
HIGH
Network
|
mozilla
|
firefox thunderbird
|
Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-8970
|
2026-05-21 02:34 |
2026-05-19 |
|
265
|
6.5 |
MEDIUM
Network
|
kilo
|
kilo_code_cli
|
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executi…
New
|
CWE-200 CWE-284 NVD-CWE-noinfo
Information Exposure Improper Access Control
|
CVE-2026-8766
|
2026-05-21 02:34 |
2026-05-18 |
|
266
|
4.0 |
MEDIUM
Physical
|
-
|
-
|
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m…
New
|
CWE-682
Incorrect Calculation
|
CVE-2023-7346
|
2026-05-21 02:33 |
2026-05-21 |
|
267
|
7.2 |
HIGH
Network
|
-
|
-
|
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7613
|
2026-05-21 02:33 |
2026-05-21 |
|
268
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.
This issue affects MOVEit Automation: before 2025.0.11, from 20…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8488
|
2026-05-21 02:32 |
2026-05-21 |
|
269
|
6.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9087
|
2026-05-21 02:32 |
2026-05-21 |
|
270
|
5.9 |
MEDIUM
Network
|
-
|
-
|
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads t…
New
|
CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
|
CVE-2026-9100
|
2026-05-21 02:32 |
2026-05-21 |
|