Export limit exceeded: 340448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340448 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4700 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 9.8 Critical |
| Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4701 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 9.8 Critical |
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4722 | 1 Mozilla | 1 Firefox | 2026-03-25 | 8.8 High |
| Privilege escalation in the IPC component. This vulnerability affects Firefox < 149 and Thunderbird < 149. | ||||
| CVE-2026-4702 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 9.8 Critical |
| JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4723 | 1 Mozilla | 1 Firefox | 2026-03-25 | 9.8 Critical |
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Thunderbird < 149. | ||||
| CVE-2026-4724 | 1 Mozilla | 1 Firefox | 2026-03-25 | 6.1 Medium |
| Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149 and Thunderbird < 149. | ||||
| CVE-2026-4704 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 7.5 High |
| Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4705 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 9.8 Critical |
| Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4706 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4707 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4710 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | N/A |
| Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4712 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 7.5 High |
| Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4715 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 9.1 Critical |
| Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4716 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 9.1 Critical |
| Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4726 | 1 Mozilla | 1 Firefox | 2026-03-25 | 3.4 Low |
| Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149. | ||||
| CVE-2026-4727 | 1 Mozilla | 1 Firefox | 2026-03-25 | 3.4 Low |
| Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149. | ||||
| CVE-2026-4728 | 1 Mozilla | 1 Firefox | 2026-03-25 | 3.4 Low |
| Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149 and Thunderbird < 149. | ||||
| CVE-2026-4718 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | N/A |
| Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4719 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-33309 | 1 Langflow | 1 Langflow | 2026-03-25 | 10 Critical |
| Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix. | ||||