Search CVE reports
371 – 380 of 26567 results
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Not in release |
| mozjs115 | Not in release |
Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Not in release |
| mozjs115 | Not in release |
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based...
1 affected package
gdal
| Package | 26.04 LTS |
|---|---|
| gdal | Needs evaluation |
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes...
1 affected package
gdal
| Package | 26.04 LTS |
|---|---|
| gdal | Needs evaluation |
Not in release
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas...
1 affected package
mongodb
| Package | 26.04 LTS |
|---|---|
| mongodb | Not in release |
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.
1 affected package
postorius
| Package | 26.04 LTS |
|---|---|
| postorius | Needs evaluation |
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
1 affected package
tor
| Package | 26.04 LTS |
|---|---|
| tor | Needs evaluation |
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
1 affected package
tor
| Package | 26.04 LTS |
|---|---|
| tor | Needs evaluation |
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
1 affected package
tor
| Package | 26.04 LTS |
|---|---|
| tor | Needs evaluation |
Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
1 affected package
tor
| Package | 26.04 LTS |
|---|---|
| tor | Needs evaluation |