Search CVE reports

181 – 190 of 2399 results

Detailed view

Sort by:

CVE-2026-24515

Medium priority

Some fixes available 12 of 73

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
expat	Not affected	Fixed	Fixed	Fixed	Fixed
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vnc4	Not in release	Not in release	Not in release	—	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gdcm	Not affected	Not affected	Not affected	Not affected	Needs evaluation
ayttm	Not in release	Not in release	Not in release	—	—
cableswig	Not in release	Not in release	Not in release	—	—
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vtk	Not in release	Not in release	Not in release	—	—
smart	Not in release	Not in release	Not in release	—	Needs evaluation
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Not affected	—	—
libxmltok	Not in release	Fixed	Fixed	Fixed	Fixed

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2026-0891

Medium priority

Some fixes available 1 of 11

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2026-0890

Medium priority

Some fixes available 1 of 11

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2026-0889

Medium priority

Not affected

Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	—	—
thunderbird	—	Not affected	Not affected	—	—

CVE-2026-0888

Medium priority

Not affected

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	—	—
thunderbird	—	Not affected	Not affected	—	—

CVE-2026-0887

Medium priority

Some fixes available 1 of 11

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2026-0886

Medium priority

Some fixes available 1 of 11

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2026-0885

Medium priority

Some fixes available 1 of 11

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2026-0884

Medium priority

Some fixes available 1 of 11

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

Export to JSON

Results by page: