CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-6780
7.5 HIGH

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6779
5.3 MEDIUM

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6778
5.3 MEDIUM

Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6777
5.3 MEDIUM

Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6776
7.8 HIGH

Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6775
5.3 MEDIUM

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6774
5.4 MEDIUM

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6773
7.5 HIGH

Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6772
7.5 HIGH

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and …

Apr 21, 2026
CVE-2026-6771
9.8 CRITICAL

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6770
6.5 MEDIUM

Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6769
8.8 HIGH

Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6768
9.8 CRITICAL

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6767
5.3 MEDIUM

Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird …

Apr 21, 2026
CVE-2026-6766
7.5 HIGH

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6765
5.3 MEDIUM

Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6764
6.5 MEDIUM

Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6763
6.5 MEDIUM

Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6762
6.3 MEDIUM

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and …

Apr 21, 2026
CVE-2026-6761
8.8 HIGH

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6760
9.8 CRITICAL

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6759
7.5 HIGH

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6758
7.5 HIGH

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6757
6.3 MEDIUM

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6756
7.5 HIGH

Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.

Apr 21, 2026
CVE-2026-6755
6.5 MEDIUM

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6754
7.5 HIGH

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6753
7.3 HIGH

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6752
7.3 HIGH

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6751
7.3 HIGH

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6750
8.8 HIGH

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6749
7.5 HIGH

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird …

Apr 21, 2026
CVE-2026-6748
9.8 CRITICAL

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6747
7.5 HIGH

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6746
7.5 HIGH

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird …

Apr 21, 2026
CVE-2026-40520
7.2 HIGH

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to …

Apr 21, 2026
CVE-2026-32147

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify …

Apr 21, 2026
CVE-2026-41039
7.5 HIGH

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could …

Apr 21, 2026
CVE-2026-41038
8.8 HIGH

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the …

Apr 21, 2026
CVE-2026-6553
7.5 HIGH

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database …

Apr 21, 2026
CVE-2026-41037
8.8 HIGH

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An …

Apr 21, 2026
CVE-2026-41036
8.8 HIGH

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit …

Apr 21, 2026
CVE-2026-3317

Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized …

Apr 21, 2026
CVE-2026-39467
7.2 HIGH

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.

Apr 21, 2026
CVE-2025-13826

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of …

Apr 21, 2026
CVE-2026-6712
4.4 MEDIUM

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to …

Apr 21, 2026
CVE-2026-6711
6.1 MEDIUM

The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This …

Apr 21, 2026
CVE-2026-6703
4.3 MEDIUM

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, …

Apr 21, 2026
CVE-2026-31370
6.3 MEDIUM

Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.

Apr 21, 2026
CVE-2026-31369
3.2 LOW

PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability

Apr 21, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.