9.8
CVE-2026-6750 - Privilege escalation in the Graphics: WebRender component
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
7.5
CVE-2026-6749 - Information disclosure due to uninitialized memory in the Graphics: Canvas2D component
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
7.5
CVE-2026-6747 - Use-after-free in the WebRTC component
Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
9.8
CVE-2026-6748 - Uninitialized memory in the Audio/Video: Web Codecs component
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
7.5
CVE-2026-6746 - Use-after-free in the DOM: Core & HTML component
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
5.3
CVE-2026-32147 - SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in fβ¦
8.7
CVE-2026-41039 - Information Disclosure Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful exploitatβ¦
7.6
CVE-2026-41038 - Weak Password Policy Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading tβ¦
8.7
CVE-2026-41036 - Command Injection Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vβ¦
8.7
CVE-2026-41037 - Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentβ¦