Total
523 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-4748 | 1 Freebsd | 1 Freebsd | 2026-04-02 | N/A | 7.5 HIGH |
| A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected. Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant. Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking. | |||||
| CVE-2025-24224 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-02 | N/A | 7.5 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, macOS Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to cause unexpected system termination. | |||||
| CVE-2025-24161 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-02 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination. | |||||
| CVE-2026-33939 | 1 Handlebarsjs | 1 Handlebars | 2026-03-31 | N/A | 7.5 HIGH |
| Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls `lookupProperty(decorators, "n")`, which returns `undefined`. The runtime then immediately invokes the result as a function, causing an unhandled `TypeError: ... is not a function` that crashes the Node.js process. Any application that compiles user-supplied templates without wrapping the call in a `try/catch` is vulnerable to a single-request Denial of Service. Version 4.7.9 fixes the issue. Some workarounds are available. Wrap compilation and rendering in `try/catch`. Validate template input before passing it to `compile()`; reject templates containing decorator syntax (`{{*...}}`) if decorators are not used in your application. Use the pre-compilation workflow; compile templates at build time and serve only pre-compiled templates; do not call `compile()` at request time. | |||||
| CVE-2026-3109 | 2026-03-30 | N/A | 2.2 LOW | ||
| Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584 | |||||
| CVE-2026-20719 | 1 Mattermost | 1 Mattermost Server | 2026-03-26 | N/A | 4.3 MEDIUM |
| Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID: MMSA-2026-00595 | |||||
| CVE-2026-4699 | 1 Mozilla | 1 Firefox | 2026-03-26 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4697 | 1 Mozilla | 1 Firefox | 2026-03-26 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4695 | 1 Mozilla | 1 Firefox | 2026-03-26 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4694 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-03-26 | N/A | 7.5 HIGH |
| Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4693 | 1 Mozilla | 1 Firefox | 2026-03-26 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4686 | 1 Mozilla | 1 Firefox | 2026-03-26 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4685 | 1 Mozilla | 1 Firefox | 2026-03-26 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4709 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4719 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4707 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4706 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4714 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4713 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4708 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||