2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4723 — Mozilla Firefox: Use-after-free in the JavaScript Engine component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4723

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-416 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
HIGH

CVE-2026-4722 — Mozilla Firefox: Privilege escalation in the IPC component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4722

Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVSSv3.1 8.8 (HIGH)

Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 8.8 · Edit Score: 94
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4721 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4721

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-120 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4720 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4720

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-120 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
HIGH

CVE-2026-4718 — Mozilla Firefox: Undefined behavior in the WebRTC: Signaling component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4718

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 8.1 (HIGH)

CWE: CWE-758 · Vendor: Mozilla, Undefined · Type: Vulnerability
CVSS v3.1: 8.1 · Edit Score: 91
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4717 — Mozilla Firefox: Privilege escalation in the Netmonitor component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4717

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4716 — Mozilla Firefox: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4716

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-908 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.1 · Edit Score: 96
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4715 — Mozilla Firefox: Uninitialized memory in the Graphics: Canvas2D component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4715

Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-908 · Vendor: Mozilla, Uninitialized · Type: Vulnerability
CVSS v3.1: 9.1 · Edit Score: 96
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4711 — Mozilla Firefox: Use-after-free in the Widget: Cocoa component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4711

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-416 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4710 — Mozilla Firefox: Incorrect boundary conditions in the Audio/Video component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4710

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-119 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4705 — Mozilla Firefox: Undefined behavior in the WebRTC: Signaling component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4705

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-758 · Vendor: Mozilla, Undefined · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4702 — Mozilla Firefox: JIT miscompilation in the JavaScript Engine component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4702

JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-843 · Vendor: Mozilla, Jit · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4701 — Mozilla Firefox: Use-after-free in the JavaScript Engine component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4701

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-416 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4700 — Mozilla Firefox: Mitigation bypass in the Networking: HTTP component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4700

Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-288 · Vendor: Mozilla, Mitigation · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4698 — Mozilla Firefox: JIT miscompilation in the JavaScript Engine: JIT component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4698

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-843 · Vendor: Mozilla, Jit · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4696 — Mozilla Firefox: Use-after-free in the Layout: Text and Fonts component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4696

Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-416 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4692 — Mozilla Firefox: Sandbox escape in the Responsive Design Mode component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4692

Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 10.0 (CRITICAL)

Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 10.0 · Edit Score: 100
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4691 — Mozilla Firefox: Use-after-free in the CSS Parsing and Computation component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4691

Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-416 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-24
2026-03-24 13:16Z
HIGH

CVE-2026-4690 — Mozilla Firefox: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4690

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 8.6 (HIGH)

CWE: CWE-120, CWE-190, CWE-754 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 8.6 · Edit Score: 93
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4689 — Mozilla Firefox: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4689

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 10.0 (CRITICAL)

CWE: CWE-120, CWE-190, CWE-754 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 10.0 · Edit Score: 100
2026-03-24
2026-03-24 13:16Z
CRIT

CVE-2026-4688 — Mozilla Firefox: Sandbox escape due to use-after-free in the Disability Access APIs component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4688

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 10.0 (CRITICAL)

CWE: CWE-416 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 10.0 · Edit Score: 100
2026-03-24
2026-03-24 13:16Z
HIGH

CVE-2026-4687 — Mozilla Firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4687

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. CVSSv3.1 8.6 (HIGH)

CWE: CWE-120, CWE-754 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 8.6 · Edit Score: 93
2026-03-24
2026-03-24 12:16Z
HIGH

CVE-2019-25642 — Bootstrapy: CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25642

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subject parameter of contact-submit.php, the post-id parameter of post-new-submit.php, and the thread-id parameter to extract sensitive database information or cause denial of service. CVSSv3.1 8.2 (HIGH) · EPSS 30th percentile

CWE: CWE-89 · Vendor: Bootstrapy · Type: Vulnerability
CVSS v3.1: 8.2 · Edit Score: 91
2026-03-24
2026-03-24 12:16Z
HIGH

CVE-2019-25640 — Inout: Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25640

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information or cause denial of service through time-based attacks. CVSSv3.1 8.2 (HIGH) · EPSS 30th percentile

CWE: CWE-89 · Vendor: Inout · Type: Vulnerability
CVSS v3.1: 8.2 · Edit Score: 91
2026-03-24
2026-03-24 12:16Z
HIGH

CVE-2019-25634 — 4mhz Base64_decoder: Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25634

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution. CVSSv3.1 8.4 (HIGH) · EPSS 5th percentile

CWE: CWE-787 · Vendor: 4mhz, Base64 · Type: Vulnerability
CVSS v3.1: 8.4 · Edit Score: 92