Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-6777 Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-6776 Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.8 | HIGH | β | 0 |
| CVE-2026-6775 Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-6774 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 5.4 | MEDIUM | β | 0 |
| CVE-2026-6773 Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 7.5 | HIGH | β | 0 |
| CVE-2026-6772 Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.5 | HIGH | β | 0 |
| CVE-2026-6771 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6770 Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6769 Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 8.8 | HIGH | β | 0 |
| CVE-2026-6768 Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6767 Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-6766 Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.5 | HIGH | β | 0 |
| CVE-2026-6765 Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-6764 Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6763 Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6762 Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6761 Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 8.8 | HIGH | β | 0 |
| CVE-2026-6760 Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6759 Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.5 | HIGH | β | 0 |
| CVE-2026-6758 Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 7.5 | HIGH | β | 0 |
| CVE-2026-6757 Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6756 Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. | 7.5 | HIGH | β | 0 |
| CVE-2026-6755 Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6754 Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.5 | HIGH | β | 0 |
| CVE-2026-6753 Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.3 | HIGH | β | 0 |
| CVE-2026-6752 Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.3 | HIGH | β | 0 |
| CVE-2026-6751 Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.3 | HIGH | β | 0 |
| CVE-2026-6750 Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 8.8 | HIGH | β | 0 |
| CVE-2026-6749 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunde... | 7.5 | HIGH | β | 0 |
| CVE-2026-6748 Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6747 Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.5 | HIGH | β | 0 |
| CVE-2026-6746 Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.5 | HIGH | β | 0 |
| CVE-2026-40520 FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() wi... | 7.2 | HIGH | β | 0 |
| CVE-2026-32147 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside th... | N/A | NONE | β | 0 |
| CVE-2026-41039 This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit ... | N/A | NONE | β | 0 |
| CVE-2026-41038 This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vu... | N/A | NONE | β | 0 |
| CVE-2026-6553 Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS... | N/A | NONE | β | 0 |
| CVE-2026-41037 This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same networ... | N/A | NONE | β | 0 |
| CVE-2026-41036 This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerab... | N/A | NONE | β | 0 |
| CVE-2026-3317 Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through desi... | N/A | NONE | β | 0 |
| CVE-2026-39467 Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0. | 7.2 | HIGH | β | 0 |
| CVE-2025-13826 Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attack... | N/A | NONE | β | 0 |
| CVE-2026-6712 The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output ... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-6711 The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-6703 The Responsive Blocks β Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-31370 Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-31369 PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | 3.2 | LOW | β | 0 |
| CVE-2026-31368 AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability. | 7.8 | HIGH | β | 0 |
| CVE-2026-5965 NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6675 The Responsive Blocks β Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficie... | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.