Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-6762 — Spoofing issue in the DOM: Core & HTML component

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

| Misconfiguration
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6761 — Privilege escalation in the Networking component

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

| Authorization
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6760 — Mitigation bypass in the Networking: Cookies component

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.

| Misconfiguration
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6759 — Use-after-free in the Widget: Cocoa component

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6758 — Use-after-free in the JavaScript: WebAssembly component

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6757 — Invalid pointer in the JavaScript: WebAssembly component

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6756 — Mitigation bypass in Firefox for Android

Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
6.5 MEDIUM
CVE-2026-6755 — Mitigation bypass in the DOM: postMessage component

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150.

Remote | Information Disclosure
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6754 — Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6753 — Incorrect boundary conditions in the WebRTC component

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6752 — Incorrect boundary conditions in the WebRTC component

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6751 — Uninitialized memory in the Audio/Video: Web Codecs component

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6750 — Privilege escalation in the Graphics: WebRender component

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

| Authorization
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6749 — Information disclosure due to uninitialized memory in the Graphics: Canvas2D component

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

| Information Disclosure
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6748 — Uninitialized memory in the Audio/Video: Web Codecs component

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6747 — Use-after-free in the WebRTC component

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6746 — Use-after-free in the DOM: Core & HTML component

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
8.6 HIGH
CVE-2026-40520 — FreePBX api module Command Injection via GraphQL

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() w…

Remote | Injection
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6786 — Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and T…

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6785 — Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.1…

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume tha…

| Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
Showing 20 of 6084 Results