VIR Vulnerability Intelligence Relay

Search

Found 9,809 results in 927ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-4699 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4697 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4696 high 8.0 FIX rocky rheldebian debian 2mo ago Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4695 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4694 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4693 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4692 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4691 high 8.0 FIX rocky rheldebian debian 2mo ago Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4690 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and …
CVE-2026-4689 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and …
CVE-2026-4688 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4687 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 14…
CVE-2026-4686 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4685 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4684 high 8.0 FIX rocky rheldebian debian 2mo ago Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2025-61731 high 8.0 FIX rocky rheldebian debian google 2mo ago RHSA-2026:6949: go-toolset:rhel8 security update (Important)
CVE-2026-25749 medium 5.5 FIX rocky rhel sles 2mo ago Moderate: vim security update
CVE-2026-23893 medium 5.5 FIX rocky rhel sles 2mo ago RHSA-2026:5587: opencryptoki security update (Moderate)
CVE-2026-1940 high 7.5 7.5 FIX debian debian sles rhel freedesktopgstreamer 2mo ago An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_…
CVE-2026-4427 high 8.0 sles rhel 3mo ago RHSA-2026:22714: osbuild-composer security update (Important)
CVE-2026-4426 medium 6.5 6.5 FIX debian debian sles rhel libarchiveredhat 3mo ago A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge exte…
CVE-2026-4424 high 7.5 7.5 FIX rheldebian debian sles libarchiveredhat 3mo ago Important: libarchive security update
CVE-2026-4111 high 7.5 7.5 FIX rheldebian debian rocky 3mo ago Important: libarchive security update
CVE-2026-33210 high 8.0 FIX rheldebian debianalmalinux almalinux google 3mo ago Important: ruby:4.0 security update
CVE-2026-32286 high 7.5 7.5 FIX debian debian sles rhel jackc 3mo ago The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out …
CVE-2025-68114 high 8.0 FIX rheldebian debian sles 3mo ago Important: capstone security update
CVE-2025-67873 high 8.0 FIX rheldebian debian sles 3mo ago Important: capstone security update
CVE-2026-4271 high 7.5 7.5 debian debian sles rhel gnome 3mo ago A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sen…
CVE-2026-21964 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2026-21948 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2026-21941 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2026-21937 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2026-21936 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2025-61662 high 7.8 7.8 FIX rheldebian debian sles gnu 3mo ago RHSA-2026:4648: grub2 security update (Moderate)
CVE-2025-39818 medium 5.5 FIX rhel sles rocky 3mo ago In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_sub…
CVE-2026-32597 high 7.5 7.5 FIX rhel sles rocky pyjwt_project 3mo ago RHSA-2026:12176: fence-agents security update (Important)
CVE-2026-2376 medium 5.4 5.4 rhel redhat 3mo ago A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the applicat…
CVE-2026-26130 high 8.0 FIX rocky rhelalmalinux almalinux 3mo ago RHSA-2026:4458: .NET 10.0 security update (Important)
CVE-2026-26127 high 8.0 FIX rocky rhelalmalinux almalinux 3mo ago RHSA-2026:4458: .NET 10.0 security update (Important)
CVE-2026-2048 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5113: gimp:2.8 security update (Important)
CVE-2026-2047 high 8.0 FIX rheldebian debian sles 3mo ago Important: gimp security update
CVE-2026-2045 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5113: gimp:2.8 security update (Important)
CVE-2026-2044 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5113: gimp:2.8 security update (Important)
CVE-2026-1299 medium 5.5 FIX rocky rhel sles 3mo ago The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is seriali…
CVE-2026-0797 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5113: gimp:2.8 security update (Important)
CVE-2025-9820 medium 4.0 4.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5585: gnutls security update (Moderate)
CVE-2025-15367 medium 5.5 FIX rocky rheldebian debian 3mo ago The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15366 medium 5.5 FIX rocky rheldebian debian 3mo ago The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-14831 medium 5.3 5.3 FIX rocky rheldebian debian 3mo ago RHSA-2026:5585: gnutls security update (Moderate)
CVE-2026-23001 medium 5.5 FIX rocky rhel sles 3mo ago In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvla…
CVE-2025-68800 high 8.0 FIX rhel sles rocky 3mo ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL)…
CVE-2025-38106 medium 5.5 FIX rhel slesdebian debian 3mo ago In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrus…
CVE-2025-69534 high 8.0 FIX rhel slesdebian debian 3mo ago Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-M…
CVE-2025-12801 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:3938: nfs-utils security update (Moderate)
CVE-2021-30952 medium 7.0 KEVFIX sles rockydebian debian 3mo ago Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code executio…
CVE-2026-2006 high 8.0 FIX rocky rhel sles 3mo ago RHSA-2026:4064: postgresql:12 security update (Important)
CVE-2026-2005 high 8.0 FIX rocky rhel sles 3mo ago RHSA-2026:4064: postgresql:12 security update (Important)
CVE-2026-2004 high 8.0 FIX rocky rhel sles 3mo ago RHSA-2026:4064: postgresql:12 security update (Important)
CVE-2026-2003 high 8.0 FIX rocky rhel sles 3mo ago RHSA-2026:4063: postgresql:16 security update (Important)
CVE-2026-1642 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:5581: nginx:1.24 security update (Moderate)
CVE-2026-23097 medium 5.5 FIX rocky rhel sles 3mo ago In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Hol…
CVE-2026-21863 high 8.0 FIX rhel sles rocky 3mo ago Important: valkey security update
CVE-2025-71085 medium 5.5 FIX rocky rhel sles 3mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at…
CVE-2025-67733 high 8.0 FIX rhel sles rocky 3mo ago Important: valkey security update
CVE-2025-40168 medium 5.5 FIX rocky rhel sles 3mo ago In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not …
CVE-2026-22801 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:4728: libpng security update (Important)
CVE-2026-22695 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:4728: libpng security update (Important)
CVE-2026-2793 high 8.0 FIX rocky rheldebian debian 3mo ago Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume tha…
CVE-2026-2792 high 8.0 FIX rocky rheldebian debian 3mo ago Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2026-2791 high 8.0 FIX rocky rheldebian debian 3mo ago Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2790 high 8.0 FIX rocky rheldebian debian 3mo ago Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2789 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2788 high 8.0 FIX rocky rheldebian debian 3mo ago Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2787 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2785 high 8.0 FIX rocky rheldebian debian 3mo ago Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2784 high 8.0 FIX rocky rheldebian debian 3mo ago Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2783 high 8.0 FIX rocky rheldebian debian 3mo ago Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2782 high 8.0 FIX rocky rheldebian debian 3mo ago Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2781 high 8.0 FIX rocky rheldebian debian 3mo ago Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35.
CVE-2026-2780 high 8.0 FIX rocky rheldebian debian 3mo ago Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2779 high 8.0 FIX rocky rheldebian debian 3mo ago Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2778 high 8.0 FIX rocky rheldebian debian 3mo ago Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunder…
CVE-2026-2777 high 8.0 FIX rocky rheldebian debian 3mo ago Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2776 high 8.0 FIX rocky rheldebian debian 3mo ago Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 14…
CVE-2026-2775 high 8.0 FIX rocky rheldebian debian 3mo ago Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2774 high 8.0 FIX rocky rheldebian debian 3mo ago Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2773 high 8.0 FIX rocky rheldebian debian 3mo ago Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2772 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2771 high 8.0 FIX rocky rheldebian debian 3mo ago Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2770 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2769 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2768 high 8.0 FIX rocky rheldebian debian 3mo ago Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2767 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2766 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2765 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2764 high 8.0 FIX rocky rheldebian debian 3mo ago JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2763 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2762 high 8.0 FIX rocky rheldebian debian 3mo ago Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2761 high 8.0 FIX rocky rheldebian debian 3mo ago Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2760 high 8.0 FIX rocky rheldebian debian 3mo ago Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thun…