10

CVSS3.1

CVE-2026-0881 - Sandbox escape in the Messaging System component

Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

๐Ÿ“… Published: Jan. 13, 2026, 1:30 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 6:15 p.m.

9.8

CVSS3.1

CVE-2026-0879 - Sandbox escape due to incorrect boundary conditions in the Graphics component

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

๐Ÿ“… Published: Jan. 13, 2026, 1:30 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 6:30 p.m.

8.8

CVSS3.1

CVE-2026-0880 - Sandbox escape due to integer overflow in the Graphics component

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

๐Ÿ“… Published: Jan. 13, 2026, 1:30 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 6:15 p.m.

8

CVSS3.1

CVE-2026-0878 - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

๐Ÿ“… Published: Jan. 13, 2026, 1:30 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 6:30 p.m.

8.1

CVSS3.1

CVE-2026-0877 - Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

๐Ÿ“… Published: Jan. 13, 2026, 1:30 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 10 p.m.

5.5

CVSS3.1

CVE-2025-9435 - Path Traversal

Zohocorp ManageEngine ADManager Plus versions belowย 7230ย are vulnerable toย Path Traversalย in the User Management module

๐Ÿ“… Published: Jan. 13, 2026, 1:14 p.m. ๐Ÿ”„ Last Modified: Jan. 29, 2026, 7:10 p.m.

8.8

CVSS3.1

CVE-2025-13774 - SQL injection leading to privilege escalation in Progress Flowmon ADS

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.

๐Ÿ“… Published: Jan. 13, 2026, 12:59 p.m. ๐Ÿ”„ Last Modified: Feb. 26, 2026, 3:04 p.m.

5.2

CVSS4.0

CVE-2026-0859 - TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool

TYPO3's mailโ€‘file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.โ€ฆ

๐Ÿ“… Published: Jan. 13, 2026, 11:54 a.m. ๐Ÿ”„ Last Modified: April 18, 2026, 4:30 p.m.

7.1

CVSS4.0

CVE-2025-59022 - TYPO3 CMS Allows Broken Access Control in Recycler Module

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailaโ€ฆ

๐Ÿ“… Published: Jan. 13, 2026, 11:53 a.m. ๐Ÿ”„ Last Modified: Jan. 14, 2026, 7:07 p.m.

5.3

CVSS4.0

CVE-2025-59021 - TYPO3 CMS Allows Broken Access Control in Redirects Module

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the userโ€™s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs โ€ฆ

๐Ÿ“… Published: Jan. 13, 2026, 11:53 a.m. ๐Ÿ”„ Last Modified: Jan. 14, 2026, 7:14 p.m.
Total resulsts: 349182
Page 2173 of 34,919
ยซ previous page ยป next page
Filters