CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-2793 - Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148

CVE ID : CVE-2026-2793
Published : Feb. 24, 2026, 2:16 p.m.
Description : Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2794 - Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android

CVE ID : CVE-2026-2794
Published : Feb. 24, 2026, 2:16 p.m.
Description : Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2795 - Use-after-free in the JavaScript: GC component

CVE ID : CVE-2026-2795
Published : Feb. 24, 2026, 2:16 p.m.
Description : Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2796 - JIT miscompilation in the JavaScript: WebAssembly component

CVE ID : CVE-2026-2796
Published : Feb. 24, 2026, 2:16 p.m.
Description : JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2797 - Use-after-free in the JavaScript: GC component

CVE ID : CVE-2026-2797
Published : Feb. 24, 2026, 2:16 p.m.
Description : Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2798 - Use-after-free in the DOM: Core & HTML component

CVE ID : CVE-2026-2798
Published : Feb. 24, 2026, 2:16 p.m.
Description : Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2799 - Use-after-free in the DOM: Core & HTML component

CVE ID : CVE-2026-2799
Published : Feb. 24, 2026, 2:16 p.m.
Description : Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2800 - Spoofing issue in the WebAuthn component in Firefox for Android

CVE ID : CVE-2026-2800
Published : Feb. 24, 2026, 2:16 p.m.
Description : Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2801 - Incorrect boundary conditions in the JavaScript: WebAssembly component

CVE ID : CVE-2026-2801
Published : Feb. 24, 2026, 2:16 p.m.
Description : Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2802 - Race condition in the JavaScript: GC component

CVE ID : CVE-2026-2802
Published : Feb. 24, 2026, 2:16 p.m.
Description : Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2803 - Information disclosure, mitigation bypass in the Settings UI component

CVE ID : CVE-2026-2803
Published : Feb. 24, 2026, 2:16 p.m.
Description : Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2804 - Use-after-free in the JavaScript: WebAssembly component

CVE ID : CVE-2026-2804
Published : Feb. 24, 2026, 2:16 p.m.
Description : Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2805 - Invalid pointer in the DOM: Core & HTML component

CVE ID : CVE-2026-2805
Published : Feb. 24, 2026, 2:16 p.m.
Description : Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2806 - Uninitialized memory in the Graphics: Text component

CVE ID : CVE-2026-2806
Published : Feb. 24, 2026, 2:16 p.m.
Description : Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-2807 - Memory safety bugs fixed in Firefox 148 and Thunderbird 148

CVE ID : CVE-2026-2807
Published : Feb. 24, 2026, 2:16 p.m.
Description : Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.
Severity: 0.0 | NA
CVE-2026-27567 - Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads

CVE ID : CVE-2026-27567
Published : Feb. 24, 2026, 2:22 p.m.
Description : Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. The Payload environment must have at least one collection with `upload` enabled and a user who has `create` access to that upload-enabled collection in order to be vulnerable. An authenticated user with upload collection write permissions could potentially access internal services. Response content from internal services could be retrieved through the application. This vulnerability has been patched in v3.75.0. As a workaround, one may mitigate this vulnerability by disabling external file uploads via the `disableExternalFile` upload collection option, or by restricting `create` access on upload-enabled collections to trusted users only.
Severity: 0.0 | NA
CVE-2026-3101 - Intelbras TIP 635G Ping os command injection

CVE ID : CVE-2026-3101
Published : Feb. 24, 2026, 2:32 p.m.
Description : A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE-2026-3102 - exiftool PNG File MacOS.pm SetMacOSTags os command injection

CVE ID : CVE-2026-3102
Published : Feb. 24, 2026, 2:32 p.m.
Description : A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.
Severity: 0.0 | NA
CVE-2025-69985 - FUXA JWT Referer Header Bypass RCE

CVE ID : CVE-2025-69985
Published : Feb. 24, 2026, 4:24 p.m.
Description : FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can bypass JWT authentication by spoofing the Referer header to match the server's host. Successful exploitation allows the attacker to access the protected /api/runscript endpoint and execute arbitrary Node.js code on the server.
Severity: 0.0 | NA
CVE-2026-23678 - Binardat 10G08-0800GSM Network Switch Traceroute CLI Command Injection

CVE ID : CVE-2026-23678
Published : Feb. 24, 2026, 4:24 p.m.
Description : Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.
Severity: 8.8 | HIGH
CVE-2026-27507 - Binardat 10G08-0800GSM Network Switch Hard-coded Credentials

CVE ID : CVE-2026-27507
Published : Feb. 24, 2026, 4:24 p.m.
Description : Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device.
Severity: 9.8 | CRITICAL