10
CVE-2026-2760 - Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
9.8
CVE-2026-2759 - Incorrect boundary conditions in the Graphics: ImageLib component
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
9.8
CVE-2026-2758 - Use-after-free in the JavaScript: GC component
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
9.8
CVE-2026-2757 - Incorrect boundary conditions in the WebRTC: Audio/Video component
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
7.6
CVE-2026-2460 - Insufficient Authorization Allows LowβPrivilege User to Alter Directories via DAC Protocol
A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.
7.4
CVE-2026-2459 - Installer Role Exploit Allows Unauthorized Directory Access in Hitachi Energy REB500
A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.
9.3
CVE-2025-14577 - PHP Function Injection in Slican NPC/IPL/IPM/IPU
Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican NCP) and 6.61.0010 (Sβ¦
8.7
CVE-2026-1773 - Denial of Service via Invalid U-Format Frame in IEC 60870-5-104
IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame.Β Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of explβ¦
5.3
CVE-2026-1772 - Unauthorized Access to User Management Data via Web Interface
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
5.3
CVE-2026-23969 - Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering
Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for theβ¦