Export limit exceeded: 344335 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344335 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34405 | 2 Nuxt, Nuxt-modules | 2 Og Image, Og-image | 2026-04-13 | 6.1 Medium |
| Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in version 6.2.5. | ||||
| CVE-2026-2771 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2770 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.8 High |
| Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2769 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.8 High |
| Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2768 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 10 Critical |
| Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2767 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.8 High |
| Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2766 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2765 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2764 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2763 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2762 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2761 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 10 Critical |
| Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2760 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 10 Critical |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2759 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2758 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2757 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2634 | 1 Mozilla | 2 Firefox, Firefox For Ios | 2026-04-13 | 9.8 Critical |
| Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4. | ||||
| CVE-2026-2447 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.8 High |
| Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2. | ||||
| CVE-2026-2032 | 1 Mozilla | 2 Firefox, Firefox For Ios | 2026-04-13 | 4.3 Medium |
| Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1. | ||||
| CVE-2026-24869 | 1 Mozilla | 1 Firefox | 2026-04-13 | 8.8 High |
| Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2. | ||||