|
3481
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-8968
|
2026-05-20 23:56 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3482
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8969
|
2026-05-20 23:55 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3483
|
9.1 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-8948
|
2026-05-20 23:53 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3484
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-8949
|
2026-05-20 23:49 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3485
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-8951
|
2026-05-20 23:48 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3486
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-346
Origin Validation Error
|
CVE-2026-8971
|
2026-05-20 23:41 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3487
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-8956
|
2026-05-20 23:31 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3488
|
9.6 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-20
CWE-119
CWE-693
Improper Input Validation
Incorrect Access of Indexable Resource ('Range Error')
Protection Mechanism Failure
|
CVE-2026-8959
|
2026-05-20 23:28 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3489
|
8.8 |
HIGH
Network
|
-
|
-
|
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-24425
|
2026-05-20 23:25 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3490
|
7.3 |
HIGH
Network
|
-
|
-
|
An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations.
|
CWE-284
Improper Access Control
|
CVE-2026-39250
|
2026-05-20 23:25 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
