24h | 7d | 30d

CVE-2026-6784

Overview

  • Mozilla
  • Firefox
21 Apr 2026
Published
22 Apr 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture fallback
Dan Goodin @dangoodin

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories with, each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing ab out LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

  • 1
  • 7
  • 0
  • 21h ago

CVE-2026-6786

Overview

  • Mozilla
  • Firefox
21 Apr 2026
Published
22 Apr 2026
Updated
CVSS
Pending
EPSS
0.05%
KEV

Description

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture fallback
Dan Goodin @dangoodin

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories with, each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing ab out LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

  • 1
  • 7
  • 0
  • 21h ago

CVE-2026-6785

Overview

  • Mozilla
  • Firefox
21 Apr 2026
Published
22 Apr 2026
Updated
CVSS
Pending
EPSS
0.06%
KEV

Description

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture fallback
Dan Goodin @dangoodin

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories with, each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing ab out LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

  • 1
  • 7
  • 0
  • 21h ago

CVE-2026-34002

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture fallback
XLibre @XLibreDev

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

  • 2
  • 4
  • 0
  • 20h ago

CVE-2026-33999

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • xorg-x11-server-Xwayland
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture fallback
XLibre @XLibreDev

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

  • 2
  • 4
  • 0
  • 20h ago

CVE-2026-34000

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture fallback
XLibre @XLibreDev

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

  • 2
  • 4
  • 0
  • 20h ago

CVE-2026-34001

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • xorg-x11-server-Xwayland
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture fallback
XLibre @XLibreDev

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

  • 2
  • 4
  • 0
  • 20h ago

CVE-2026-34003

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • xorg-x11-server-Xwayland
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture fallback
XLibre @XLibreDev

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

  • 2
  • 4
  • 0
  • 20h ago
Showing 41 to 48 of 48 CVEs