6.5
CVE-2026-27567 - Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads
Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an …
6.8
CVE-2025-10010 - Integrity Validation Bypass in CryptoPro Secure Disk for BitLocker
The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple ch…
8.8
CVE-2026-27483 - MindsDB has Path Traversal in /api/files Leading to Remote Code Execution
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in MindsDB's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the "Up…
9.2
CVE-2026-27208 - api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a contain…
9.8
CVE-2026-2807 - Memory safety bugs fixed in Firefox 148 and Thunderbird 148
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.1
CVE-2026-2806 - Uninitialized memory in the Graphics: Text component
Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
5.4
CVE-2026-2804 - Use-after-free in the JavaScript: WebAssembly component
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8
CVE-2026-2805 - Invalid pointer in the DOM: Core & HTML component
Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
7.5
CVE-2026-2803 - Information disclosure, mitigation bypass in the Settings UI component
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
4.2
CVE-2026-2802 - Race condition in the JavaScript: GC component
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.