Search CVE reports

141 – 150 of 3130 results

Detailed view

Sort by:

CVE-2026-4690

Medium priority

Vulnerable

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
thunderbird	Not affected	Not affected	Vulnerable	—	—

CVE-2026-4689

Medium priority

Vulnerable

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
thunderbird	Not affected	Not affected	Vulnerable	—	—

CVE-2026-4688

Medium priority

Vulnerable

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
thunderbird	Not affected	Not affected	Vulnerable	—	—

CVE-2026-4687

Medium priority

Vulnerable

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
thunderbird	Not affected	Not affected	Vulnerable	—	—

CVE-2026-4686

Medium priority

Vulnerable

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
thunderbird	Not affected	Not affected	Vulnerable	—	—

CVE-2026-4685

Medium priority

Vulnerable

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
thunderbird	Not affected	Not affected	Vulnerable	—	—

CVE-2026-4684

Medium priority

Vulnerable

Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
thunderbird	Not affected	Not affected	Vulnerable	—	—

CVE-2026-4739

Medium priority

Needs evaluation

Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (‎Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	—	—
cableswig	Not in release	Not in release	Not in release	—	—
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
firefox	Not affected	Not affected	Not affected	—	—
gdcm	Not affected	Not affected	Not affected	Not affected	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored	Needs evaluation
smart	Not in release	Not in release	Not in release	—	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	—	—
vnc4	Not in release	Not in release	Not in release	—	Needs evaluation
vtk	Not in release	Not in release	Not in release	—	—
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-32778

Medium priority

Needs evaluation

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	—	—
cableswig	Not in release	Not in release	Not in release	—	—
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
firefox	Not affected	Not affected	Not affected	—	—
gdcm	Not affected	Not affected	Not affected	Not affected	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored	Needs evaluation
smart	Not in release	Not in release	Not in release	—	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	—	—
vnc4	Not in release	Not in release	Not in release	—	Needs evaluation
vtk	Not in release	Not in release	Not in release	—	—
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-32777

Medium priority

Needs evaluation

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	—	—
cableswig	Not in release	Not in release	Not in release	—	—
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
firefox	Not affected	Not affected	Not affected	—	—
gdcm	Not affected	Not affected	Not affected	Not affected	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored	Needs evaluation
smart	Not in release	Not in release	Not in release	—	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	—	—
vnc4	Not in release	Not in release	Not in release	—	Needs evaluation
vtk	Not in release	Not in release	Not in release	—	—
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page: