Common Vulnerabilities and Exposures (CVE)

CVE-2026-8975

May 20, 2026 03:55:34 UTC

Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera...

CVE-2026-8974

May 20, 2026 03:55:32 UTC

Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera...

CVE-2026-8973

May 20, 2026 03:55:31 UTC

Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Fir...

CVE-2026-8972

May 20, 2026 03:55:30 UTC

Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

CVE-2026-8970

May 20, 2026 03:55:29 UTC

Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

CVE-2026-8957

May 20, 2026 03:55:28 UTC

Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

CVE-2026-8955

May 20, 2026 03:55:26 UTC

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

CVE-2026-8952

May 20, 2026 03:55:25 UTC

Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

CVE-2026-32323

May 20, 2026 03:55:24 UTC

Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applicat...

CVE-2026-22810

May 20, 2026 03:55:23 UTC

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The O...

CVE-2026-47323

May 20, 2026 03:55:22 UTC

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and K...

CVE-2026-26978

May 20, 2026 03:55:20 UTC

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. Du...

CVE-2026-35086

May 20, 2026 03:55:19 UTC

Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

CVE-2026-45434

May 20, 2026 03:55:18 UTC

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the ...

CVE-2026-46586

May 20, 2026 03:55:17 UTC

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are r...