| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8370 | Hig | 0.55 | — | 0.00 | May 19, 2026 | Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This… | ||
| CVE-2026-8073 | Hig | 0.42 | 7.5 | 0.01 | May 19, 2026 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This… | ||
| CVE-2026-8604 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage. | ||
| CVE-2026-6009 | Hig | 0.57 | — | 0.00 | May 19, 2026 | Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system | ||
| CVE-2026-47107 | Hig | 0.46 | 8.1 | 0.00 | May 19, 2026 | Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and… | ||
| CVE-2026-33633 | Hig | 0.42 | 7.5 | 0.00 | May 19, 2026 | Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics… | ||
| CVE-2026-47358 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced… | ||
| CVE-2026-47357 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an… | ||
| CVE-2026-47356 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2026 | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary… | ||
| CVE-2026-36828 | Hig | 0.57 | 8.8 | 0.02 | May 19, 2026 | A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter. | ||
| CVE-2026-5804 | Hig | 0.55 | 8.4 | 0.00 | May 19, 2026 | An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to… | ||
| CVE-2026-31069 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf() without proper sanitization or identifier… | ||
| CVE-2026-45738 | hig | 0.38 | — | 0.00 | May 19, 2026 | ### Summary A user with **application write access (developer role)** can set `link.argocd.argoproj.io/*` annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's **URLs section** as `` elements without URL validation. Using the… | ||
| CVE-2026-45713 | hig | 0.38 | — | 0.00 | May 19, 2026 | ### Summary The Mailpit SMTP server has a Server.MaxSize int field that controls the maximum allowed DATA payload size, but the field is never assigned anywhere outside test code, leaving it at Go's zero value (0 ⇒ "no limit"). The same applies to the HTTP /api/v1/send… | ||
| CVE-2026-45576 | hig | 0.38 | — | 0.00 | May 19, 2026 | ## Summary Alice runs `zrok2 copy` from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV `href` such as `/../outside.txt`. The sync pipeline stores that path in the source inventory and passes it to `FilesystemTarget.WriteStream`, which… | ||
| CVE-2026-8711 | Hig | 0.53 | 8.1 | 0.01 | May 19, 2026 | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker… | ||
| CVE-2026-47100 | Hig | 0.42 | 7.5 | 0.00 | May 19, 2026 | Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting.… | ||
| CVE-2026-43634 | Hig | 0.42 | 7.5 | 0.00 | May 19, 2026 | HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated… | ||
| CVE-2025-70950 | Hig | 0.47 | 7.3 | 0.01 | May 19, 2026 | An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request. | ||
| CVE-2025-51427 | Hig | 0.40 | 7.3 | 0.01 | May 19, 2026 | An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module']. | ||
| CVE-2026-8975 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in… | ||
| CVE-2026-8974 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox… | ||
| CVE-2026-8973 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8972 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8970 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8969 | Hig | 0.53 | 8.1 | 0.00 | May 19, 2026 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8968 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8967 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8966 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8965 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8964 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8963 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8962 | Hig | 0.53 | 8.1 | 0.00 | May 19, 2026 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8960 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8958 | Hig | 0.56 | 8.6 | 0.00 | May 19, 2026 | Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8957 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8955 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8954 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8952 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2026 | Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8949 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2026 | Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8947 | Hig | 0.47 | 7.3 | 0.00 | May 19, 2026 | Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8946 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2026 | Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8945 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151. | ||
| CVE-2026-42100 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2026 | Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early… | ||
| CVE-2026-42099 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2026 | Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location (__DIR__) under the specified name. An… | ||
| CVE-2026-42098 | Hig | 0.57 | — | 0.00 | May 19, 2026 | Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is… | ||
| CVE-2026-42097 | Hig | 0.57 | 8.8 | 0.01 | May 19, 2026 | Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about… | ||
| CVE-2026-42096 | Hig | 0.57 | 8.8 | 0.01 | May 19, 2026 | Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability,… | ||
| CVE-2026-23558 | Hig | 0.51 | 7.8 | 0.00 | May 19, 2026 | The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap. Some of the status pages may… | ||
| CVE-2026-8912 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query… |
- risk 0.55cvss —epss 0.00
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This…
- risk 0.42cvss 7.5epss 0.01
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This…
- risk 0.57cvss 8.8epss 0.00
In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.
- risk 0.57cvss —epss 0.00
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system
- risk 0.46cvss 8.1epss 0.00
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and…
- risk 0.42cvss 7.5epss 0.00
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics…
- risk 0.49cvss 7.5epss 0.00
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced…
- risk 0.49cvss 7.5epss 0.00
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an…
- risk 0.49cvss 7.5epss 0.01
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary…
- risk 0.57cvss 8.8epss 0.02
A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter.
- risk 0.55cvss 8.4epss 0.00
An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to…
- risk 0.57cvss 8.8epss 0.00
BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf() without proper sanitization or identifier…
- risk 0.38cvss —epss 0.00
### Summary A user with **application write access (developer role)** can set `link.argocd.argoproj.io/*` annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's **URLs section** as `` elements without URL validation. Using the…
- risk 0.38cvss —epss 0.00
### Summary The Mailpit SMTP server has a Server.MaxSize int field that controls the maximum allowed DATA payload size, but the field is never assigned anywhere outside test code, leaving it at Go's zero value (0 ⇒ "no limit"). The same applies to the HTTP /api/v1/send…
- risk 0.38cvss —epss 0.00
## Summary Alice runs `zrok2 copy` from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV `href` such as `/../outside.txt`. The sync pipeline stores that path in the source inventory and passes it to `FilesystemTarget.WriteStream`, which…
- risk 0.53cvss 8.1epss 0.01
NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker…
- risk 0.42cvss 7.5epss 0.00
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting.…
- risk 0.42cvss 7.5epss 0.00
HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated…
- risk 0.47cvss 7.3epss 0.01
An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request.
- risk 0.40cvss 7.3epss 0.01
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].
- risk 0.57cvss 8.8epss 0.00
Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in…
- risk 0.57cvss 8.8epss 0.00
Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox…
- risk 0.57cvss 8.8epss 0.00
Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.57cvss 8.8epss 0.00
Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.57cvss 8.8epss 0.00
Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.53cvss 8.1epss 0.00
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.49cvss 7.5epss 0.00
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.53cvss 8.1epss 0.00
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.49cvss 7.5epss 0.00
Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.56cvss 8.6epss 0.00
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.57cvss 8.8epss 0.00
Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.57cvss 8.8epss 0.00
Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.49cvss 7.5epss 0.00
Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.57cvss 8.8epss 0.00
Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.01
Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.47cvss 7.3epss 0.00
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.49cvss 7.5epss 0.01
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.49cvss 7.5epss 0.00
Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
- risk 0.49cvss 7.5epss 0.01
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early…
- risk 0.49cvss 7.5epss 0.01
Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location (__DIR__) under the specified name. An…
- risk 0.57cvss —epss 0.00
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is…
- risk 0.57cvss 8.8epss 0.01
Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about…
- risk 0.57cvss 8.8epss 0.01
Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability,…
- risk 0.51cvss 7.8epss 0.00
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap. Some of the status pages may…
- risk 0.49cvss 7.5epss 0.00
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query…