|
1361
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
|
CWE-269
Improper Privilege Management
|
CVE-2026-6761
|
2026-04-22 23:56 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1362
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
|
CWE-416
Use After Free
|
CVE-2026-6758
|
2026-04-22 23:55 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1363
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
|
CWE-416
Use After Free
|
CVE-2026-6754
|
2026-04-22 23:53 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1364
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thund…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2026-6749
|
2026-04-22 23:52 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1365
|
9.9 |
CRITICAL
Network
|
asustor
|
data_master
|
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to t…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6643
|
2026-04-22 23:43 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1366
|
9.1 |
CRITICAL
Network
|
asustor
|
data_master
|
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary co…
|
CWE-78
OS Command
|
CVE-2026-6644
|
2026-04-22 23:42 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1367
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-6748
|
2026-04-22 23:40 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1368
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
|
CWE-416
Use After Free
|
CVE-2026-6747
|
2026-04-22 23:39 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1369
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
|
CWE-416
Use After Free
|
CVE-2026-6746
|
2026-04-22 23:38 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1370
|
5.3 |
MEDIUM
Network
|
apache
|
doris_mcp_server
|
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of inten…
|
CWE-89
SQL Injection
|
CVE-2025-66335
|
2026-04-22 23:17 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
