Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-6752
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-04-21
CVE-2026-6753
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-04-21
CVE-2026-6754
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-04-21
CVE-2026-6755
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-21
CVE-2026-6756
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-04-21
CVE-2026-6757
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-04-21
CVE-2026-6758
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-04-21
CVE-2026-6759
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-04-21
CVE-2026-6760
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-04-21
CVE-2026-40520
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL moduleOperations mutation with backtick-wrapped commands in the module field to execute arbitrary commands on the underlying host as the web server user.
CVSS Score
8.6
EPSS Score
0.004
Published
2026-04-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved