62
CVEs
11
Critical
18
High
0
KEV
2
PoC
2
Unpatched C/H
82.3%
Patch Rate
0.2%
Avg EPSS
Severity Breakdown
CRITICAL
11
HIGH
18
MEDIUM
32
LOW
0
Monthly CVE Trend
Affected Products (30)
Firefox
1659
Thunderbird
989
Firefox Esr
461
Ubuntu Linux
363
Seamonkey
313
Android
288
Opensuse
284
Debian Linux
256
Thunderbird Esr
223
Enterprise Linux Server
163
Enterprise Linux Workstation
163
Enterprise Linux Desktop
163
Linux Enterprise Desktop
121
Linux Enterprise Server
121
Enterprise Linux Eus
111
Leap
108
Enterprise Linux Server Aus
100
Linux Enterprise Software Development Kit
97
Enterprise Linux Server Eus
95
Enterprise Linux Server Tus
68
Fedora
67
Solaris
66
Suse Linux Enterprise Server
55
Chrome
48
Suse Linux Enterprise Software Development Kit
45
Suse Linux Enterprise Desktop
45
Network Security Services
29
Open Redirect
29
Firefox Mobile
20
Linux Enterprise
20
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-49980 | Unauthenticated remote command execution in rclone's remote control daemon (rcd) affects versions 1.55.0 through 1.74.2 when started with `--rc-serve` and without HTTP authentication. A single GET or HEAD request to `/[remote:path]/object` triggers backend initialization with attacker-controlled inline remote options, executing commands as the rclone process user. No public exploit identified at time of analysis, though the GHSA advisory describes the technique in detail and notes the issue bypasses the earlier CVE-2026-41179 fix. | CRITICAL | 9.8 | 0.5% | 49 |
|
| CVE-2026-12293 | Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152. | CRITICAL | 9.8 | 0.1% | 49 |
|
| CVE-2026-14241 | Memory-corruption weaknesses in Mozilla Firefox 152.0.3 could allow remote attackers to potentially execute arbitrary code within the browser process. Mozilla graded the collected memory-safety bugs as critical (MFSA2026-62) and states some showed evidence of memory corruption that, with sufficient effort, could be exploited for code execution; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.14%, 4th percentile). The issue is resolved in Firefox 152.0.4. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2026-12294 | Sandbox escape in Mozilla Firefox's DOM Workers component allows remote attackers to break out of the browser's content process sandbox when a user visits a malicious web page. The flaw affects Firefox prior to 152, Firefox ESR before 140.12, and Firefox ESR before 115.37, with no public exploit identified at time of analysis despite a critical 9.6 CVSS score. EPSS exploitation probability is low at 0.16% and CISA SSVC marks exploitation as 'none', suggesting no in-the-wild abuse has been observed yet. | CRITICAL | 9.6 | 0.2% | 48 |
|
| CVE-2026-12295 | Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. | CRITICAL | 9.6 | 0.2% | 48 |
|
| CVE-2026-12297 | Sandbox escape in Mozilla Firefox and Firefox ESR allows a remote attacker to break out of the browser's content sandbox by exploiting incorrect boundary conditions in the Networking component, leading to full compromise of confidentiality, integrity, and availability on the host. Exploitation requires user interaction (e.g., visiting a malicious page), but with CVSS 9.6 and a scope change, successful exploitation crosses the renderer/host trust boundary. No public exploit identified at time of analysis, and EPSS is low (0.16%), consistent with the SSVC 'Exploitation: none' signal. | CRITICAL | 9.6 | 0.2% | 48 |
|
| CVE-2026-12296 | Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. | CRITICAL | 9.6 | 0.2% | 48 |
|
| CVE-2026-53649 | Unauthenticated remote code execution in Joro ≤ v1.1.0 (BishopFox's offensive-security tooling) allows an attacker to gain a shell as the operator's user when that operator merely visits a malicious web page. In the default proxy mode, Joro exposes an unauthenticated local API on 127.0.0.1:9090 with a wildcard CORS policy; because plugin uploads use the CORS-safelisted multipart/form-data content type, cross-origin JavaScript can upload a native Go plugin and trigger a restart through the operator's browser with no preflight or credentials, and the plugin's init() executes on load. No public exploit is identified at time of analysis, but the advisory documents a complete, reproducible attack chain, and the assigned CVSS is 9.6 (Critical). | CRITICAL | 9.6 | – | 48 |
|
| CVE-2026-12304 | Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. | CRITICAL | 9.1 | 0.2% | 46 |
|
| CVE-2026-12315 | Security mitigation bypass in the DOM: Security component of Mozilla Firefox allows remote attackers to circumvent browser security controls, with high impact to confidentiality and integrity. The flaw affects Firefox versions prior to 152 and Firefox ESR prior to 140.12, with no public exploit identified at time of analysis. Given the CVSS 9.1 rating and network-reachable attack vector, any user browsing a malicious page is potentially exposed. | CRITICAL | 9.1 | 0.3% | 46 |
|
| CVE-2026-12316 | Security mitigation bypass in the DOM: Security component of Mozilla Firefox prior to version 152 allows remote attackers to compromise confidentiality and integrity of browser-rendered content without user interaction. The flaw carries a critical CVSS 3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N) and is tagged as an Authentication Bypass class issue, though no public exploit identified at time of analysis. The vulnerability has been patched by Mozilla in Firefox 152 per MFSA2026-57/MFSA2026-60. | CRITICAL | 9.1 | 0.3% | 46 |
|
| CVE-2026-12289 | Privilege escalation in the WebRender graphics component of Mozilla Firefox enables remote attackers to elevate privileges within the browser sandbox when a victim loads malicious web content. Mozilla has patched the issue in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37, and no public exploit has been identified at time of analysis. | HIGH | 8.8 | 0.3% | 44 |
|
| CVE-2026-12291 | Memory corruption via use-after-free in the Networking: HTTP component of Mozilla Firefox enables remote attackers to potentially execute arbitrary code or trigger crashes when a user visits a malicious page. The flaw affects Firefox prior to version 152, Firefox ESR before 140.12, and Firefox ESR before 115.37, and carries a CVSS 3.1 score of 8.8 with high impact across confidentiality, integrity, and availability. With an EPSS of 0.16% (5th percentile) and no public exploit identified at time of analysis, opportunistic mass exploitation appears unlikely despite the high severity rating. | HIGH | 8.8 | 0.2% | 44 |
|
| CVE-2026-49825 | Stored cross-site scripting in the lxml_html_clean Cleaner (≤ 0.4.4) and the bundled lxml legacy html.clean module (≤ 6.1.0) lets attackers smuggle javascript: URLs through HTML sanitization on the namespaced xlink:href attribute. When callers configure Cleaner with safe_attrs_only=False, the URL-scheme scrubber never inspects <a xlink:href="javascript:..."> inside SVG or MathML, so the payload survives and executes when a victim clicks the rendered anchor. Publicly available exploit code exists (a working reproducer ships with the advisory), but there is no public exploit identified as being used in active attacks and the issue is not in CISA KEV. | HIGH | 8.2 | – | 41 |
|
| CVE-2026-12328 | Memory corruption vulnerabilities in Mozilla Firefox 151, Firefox ESR 115.36/140.11, and Thunderbird 151/ESR 140.11 allow remote attackers to potentially execute arbitrary code by serving crafted web content that triggers internal memory safety bugs. Mozilla developers observed evidence of memory corruption in several of these bugs and assess that sufficient effort could yield arbitrary code execution in the browser process. No public exploit identified at time of analysis, and SSVC reports no observed exploitation, but the high CVSS (8.1) and total technical impact warrant prompt patching. | HIGH | 8.1 | 0.3% | 41 |
|