Export limit exceeded: 334610 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334610 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2768 | 2026-02-24 | N/A | ||
| Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8. | ||||
| CVE-2026-2767 | 2026-02-24 | N/A | ||
| Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8. | ||||
| CVE-2026-2766 | 2026-02-24 | N/A | ||
| Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8. | ||||
| CVE-2026-2765 | 2026-02-24 | N/A | ||
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8. | ||||
| CVE-2026-2764 | 2026-02-24 | N/A | ||
| JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8. | ||||
| CVE-2026-2763 | 2026-02-24 | N/A | ||
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8. | ||||
| CVE-2026-2762 | 2026-02-24 | N/A | ||
| Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8. | ||||
| CVE-2026-2761 | 2026-02-24 | N/A | ||
| Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8. | ||||
| CVE-2026-2760 | 2026-02-24 | N/A | ||
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8. | ||||
| CVE-2026-2759 | 2026-02-24 | N/A | ||
| Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8. | ||||
| CVE-2026-2758 | 2026-02-24 | N/A | ||
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8. | ||||
| CVE-2026-2757 | 2026-02-24 | N/A | ||
| Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8. | ||||
| CVE-2026-2634 | 2026-02-24 | N/A | ||
| Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS < 147.4. | ||||
| CVE-2026-2460 | 2026-02-24 | N/A | ||
| A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so. | ||||
| CVE-2026-2459 | 2026-02-24 | N/A | ||
| A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so. | ||||
| CVE-2026-1773 | 2026-02-24 | N/A | ||
| IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation. | ||||
| CVE-2026-1772 | 2026-02-24 | N/A | ||
| RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges. | ||||
| CVE-2026-25965 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | 8.6 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default. | ||||
| CVE-2026-25898 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | 6.5 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | ||||
| CVE-2026-25897 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | 6.5 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | ||||