296
CVEs
95
Critical
124
High
0
KEV
5
PoC
7
Unpatched C/H
92.6%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
95
HIGH
124
MEDIUM
75
LOW
1
Monthly CVE Trend
Affected Products (30)
Firefox
1659
Thunderbird
989
Firefox Esr
461
Ubuntu Linux
363
Seamonkey
313
Android
288
Opensuse
284
Debian Linux
256
Thunderbird Esr
223
Enterprise Linux Server
163
Enterprise Linux Workstation
163
Enterprise Linux Desktop
163
Linux Enterprise Desktop
121
Linux Enterprise Server
121
Enterprise Linux Eus
111
Leap
108
Enterprise Linux Server Aus
100
Linux Enterprise Software Development Kit
97
Enterprise Linux Server Eus
95
Enterprise Linux Server Tus
68
Fedora
67
Solaris
66
Suse Linux Enterprise Server
55
Chrome
48
Suse Linux Enterprise Software Development Kit
45
Suse Linux Enterprise Desktop
45
Network Security Services
29
Open Redirect
29
Firefox Mobile
20
Linux Enterprise
20
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-4689 | A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system. | CRITICAL | 10.0 | 0.0% | 70 |
PoC
|
| CVE-2026-2796 | JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
|
| CVE-2026-2761 | Second sandbox escape in Firefox WebRender component. CVSS 10.0 — independent path from CVE-2026-2760 to escape the content process sandbox. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2026-2768 | Sandbox escape via IndexedDB in Firefox before 148 and Thunderbird. CVSS 10.0 — the Storage: IndexedDB component allows escaping the content process sandbox. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2026-2778 | Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2026-2760 | Sandbox escape via boundary violation in Firefox WebRender graphics component. CVSS 10.0 — allows escaping the content sandbox to execute code with elevated privileges. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2026-2776 | Sandbox escape via Telemetry component in Firefox external software before 148. CVSS 10.0 — fourth sandbox escape in this release, through the telemetry subsystem. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2026-4688 | Sandbox escape in Mozilla Firefox's Disability Access APIs component due to a use-after-free memory vulnerability allows unauthenticated remote attackers to execute arbitrary code with full system compromise. Firefox versions below 149 and Firefox ESR below 140.9 are affected, with no patch currently available. The vulnerability is exploitable over the network without user interaction, presenting critical risk to all affected users. | CRITICAL | 10.0 | 0.0% | 50 |
|
| CVE-2026-4725 | Unauthenticated remote attackers can escape the Firefox sandbox through a use-after-free vulnerability in the Canvas2D graphics component, allowing arbitrary code execution on affected systems running Firefox versions prior to 149. The vulnerability requires no user interaction and impacts the entire system due to its critical severity and CVSS score of 10.0. No patch is currently available for this actively exploitable flaw. | CRITICAL | 10.0 | 0.0% | 50 |
|
| CVE-2026-4692 | A sandbox escape vulnerability exists in Firefox's Responsive Design Mode component that allows attackers to break out of the browser's security sandbox and access sensitive information. This affects Firefox versions prior to 149, Firefox ESR prior to 115.34, and Firefox ESR prior to 140.9. An attacker can exploit this vulnerability to disclose information by circumventing the sandbox restrictions that normally isolate web content from the browser's privileged context. | CRITICAL | 10.0 | 0.0% | 50 |
|
| CVE-2026-49980 | Unauthenticated remote command execution in rclone's remote control daemon (rcd) affects versions 1.55.0 through 1.74.2 when started with `--rc-serve` and without HTTP authentication. A single GET or HEAD request to `/[remote:path]/object` triggers backend initialization with attacker-controlled inline remote options, executing commands as the rclone process user. No public exploit identified at time of analysis, though the GHSA advisory describes the technique in detail and notes the issue bypasses the earlier CVE-2026-41179 fix. | CRITICAL | 9.8 | 0.5% | 49 |
|
| CVE-2026-12293 | Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152. | CRITICAL | 9.8 | 0.1% | 49 |
|
| CVE-2026-14241 | Memory-corruption weaknesses in Mozilla Firefox 152.0.3 could allow remote attackers to potentially execute arbitrary code within the browser process. Mozilla graded the collected memory-safety bugs as critical (MFSA2026-62) and states some showed evidence of memory corruption that, with sufficient effort, could be exploited for code execution; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.14%, 4th percentile). The issue is resolved in Firefox 152.0.4. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2026-2793 | Memory safety bugs in Firefox ESR 115.32, ESR 140.7, and Firefox 147. Broader set of memory corruption issues than CVE-2026-2792. | CRITICAL | 9.8 | 0.1% | 49 |
|
| CVE-2026-2792 | Memory safety bugs in Firefox ESR 140.7 and Firefox 147 with evidence of memory corruption and potential code execution exploitability. | CRITICAL | 9.8 | 0.1% | 49 |
|