0.0
CVE-2026-8091 - Incorrect boundary conditions in the Audio/Video: Playback component
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.
7.3
CVE-2026-8090 - Use-after-free in the DOM: Networking component
Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
9.6
CVE-2026-5791 - CSRF in DivvyDrive Information Technologies' DivvyDrive
Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
6.8
CVE-2026-8080 - MISP core - Stored XSS in MISP template (old engine) element attribute type
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application β¦
8.3
CVE-2026-41644 - monetr is vulnerable to server-side request forgery in Lunch Flow link creation and refresh
monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs sβ¦
7.5
CVE-2026-41643 - GoBGP: Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during β¦
7.5
CVE-2026-42285 - GoBGP: Panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribβ¦
7.5
CVE-2026-41642 - GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked β¦
9.8
CVE-2026-6508 - RCE in TUBITAK BILGEM's Liderahenk
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2.
8.8
CVE-2026-3953 - Reflected XSS in Gosoft Software's Proticaret E-Commerce
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), Reflected XSS. This issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767.1383.