Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-0878
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
8.0
EPSS Score
0.001
Published
2026-01-13
CVE-2026-0879
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-13
CVE-2026-0880
Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0881
Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-01-13
CVE-2026-0882
Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0883
Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0884
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-13
CVE-2025-59021
Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs – facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-01-13
CVE-2025-59022
Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0859
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved