Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-2759
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-24
CVE-2026-2760
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-02-24
CVE-2026-2761
Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-02-24
CVE-2026-2762
Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-24
CVE-2026-2763
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-24
CVE-2026-2764
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-24
CVE-2026-2765
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-24
CVE-2026-2766
Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-24
CVE-2026-23983
A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the API response improperly serializes and returns sensitive fields, including password hashes (pbkdf2), email addresses, and login statistics. This vulnerability allows authenticated users with low privileges (e.g., Gamma role) to view sensitive authentication data This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue or make sure TAGGING_SYSTEM is False (Apache Superset current default)
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-24
CVE-2026-23984
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved