CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-27732 WWBN AVideo is an open source video platform. Prior to version 22.0, the `aVideoEncoder.json.php` API endpoint accepts a `downloadURL` parameter and fetches the referenced resource server-side without... | 8.1 | HIGH | — | 0 |
| CVE-2026-27584 Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN an... | 7.5 | HIGH | — | 0 |
| CVE-2026-27568 WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled. Markdown links are not sufficiently... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27567 Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When p... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27483 MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenti... | 8.8 | HIGH | — | 0 |
| CVE-2026-27208 bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to exe... | 9.2 | CRITICAL | — | 0 |
| CVE-2026-0402 A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall. | 4.9 | MEDIUM | — | 0 |
| CVE-2026-0401 A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. | 4.9 | MEDIUM | — | 0 |
| CVE-2026-0400 A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall. | 4.9 | MEDIUM | — | 0 |
| CVE-2026-0399 Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint. | 4.9 | MEDIUM | — | 0 |
| CVE-2025-67445 TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CON... | 7.5 | HIGH | — | 0 |
| CVE-2025-10010 The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separ... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-2807 Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2806 Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-2805 Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2804 Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2803 Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 7.5 | HIGH | — | 0 |
| CVE-2026-2802 Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 4.2 | MEDIUM | — | 0 |
| CVE-2026-2801 Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 7.5 | HIGH | — | 0 |
| CVE-2026-2800 Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2799 Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2798 Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 8.8 | HIGH | — | 0 |
| CVE-2026-2797 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2796 JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2795 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2794 Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148. | 7.5 | HIGH | — | 0 |
| CVE-2026-2793 Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2792 Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2791 Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2789 Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2788 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2787 Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2786 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2785 Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2784 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2783 Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 7.5 | HIGH | — | 0 |
| CVE-2026-2782 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2781 Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2780 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2779 Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2778 Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thund... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-2777 Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2776 Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < ... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-2775 Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2774 Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2773 Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2772 Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2771 Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2770 Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.