Search
127,949 CVEs · High severity
CVEs (127,949, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 226–250 of 127,949 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8962 | HIGH | Patched | 8.1 | 2026-05-19 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8960 | HIGH | Patched | 7.5 | 2026-05-19 | Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8958 | HIGH | Patched | 8.6 | 2026-05-19 | Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and … |
| CVE-2026-8957 | HIGH | Patched | 8.8 | 2026-05-19 | Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8955 | HIGH | Patched | 8.8 | 2026-05-19 | Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8954 | HIGH | Patched | 7.5 | 2026-05-19 | Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderb… |
| CVE-2026-8952 | HIGH | Patched | 8.8 | 2026-05-19 | Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8949 | HIGH | Patched | 7.5 | 2026-05-19 | Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8947 | HIGH | Patched | 7.3 | 2026-05-19 | Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbir… |
| CVE-2026-8946 | HIGH | Patched | 7.5 | 2026-05-19 | Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151… |
| CVE-2026-8945 | HIGH | Patched | 7.5 | 2026-05-19 | Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151. |
| CVE-2026-8915 | HIGH | Patched | 8.8 | 2026-05-28 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31. |
| CVE-2026-8912 | HIGH | 7.5 | 2026-05-19 | The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28.1.6. This is due to insufficient… | |
| CVE-2026-8901 | HIGH | 7.2 | 2026-06-06 | The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submi… | |
| CVE-2026-8890 | HIGH | 8.2 | 2026-05-26 | code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON … | |
| CVE-2026-8889 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes). | |
| CVE-2026-8888 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() witho… | |
| CVE-2026-8881 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a si… | |
| CVE-2026-8879 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This scri… | |
| CVE-2026-8878 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information co… | |
| CVE-2026-8876 | HIGH | 7.3 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention… | |
| CVE-2026-8874 | HIGH | 7.1 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpo… | |
| CVE-2026-8856 | HIGH | Patched | 7.7 | 2026-05-26 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. |
| CVE-2026-8855 | HIGH | Patched | 8.1 | 2026-05-26 | IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication). |
| CVE-2026-8854 | HIGH | Patched | 7.5 | 2026-05-26 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache. |