9.1
CVE-2026-33475 - Langflow GitHub Actions Shell Injection
Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables (e.g., `${{ git…
10
CVE-2026-33309 - Langflow has an Arbitrary File Write (RCE) via v2 API
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlyin…
9.8
CVE-2026-4721 - Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 1…
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabili…
9.8
CVE-2026-4729 - Memory safety bugs fixed in Firefox 149 and Thunderbird 149
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
9.8
CVE-2026-4720 - Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 1…
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Fire…
7.5
CVE-2026-4719 - Incorrect boundary conditions in the Graphics: Text component
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
8.1
CVE-2026-4718 - Undefined behavior in the WebRTC: Signaling component
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
6.5
CVE-2026-4728 - Spoofing issue in the Privacy: Anti-Tracking component
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
7.5
CVE-2026-4727 - Denial-of-service in the Libraries component in NSS
Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
7.5
CVE-2026-4726 - Denial-of-service in the XML component
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.