Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 24 February 2026
RSS259 vulnerabilities published on 24 February 2026
Severity:
OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCE
CVE-2026-27574
GHSA-v264-xqh4-9xmm
### Summary
OneUptime lets project members write custom JavaScript that runs inside monitors. The problem is it executes that code using Node.js's bu...
10.0
Firefox, Thunderbird: Attackers Can Escape Browser's Protective Sandbox
CVE-2026-2778
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33,...
10.0
Firefox and Thunderbird: Hackers can escape security boundaries
CVE-2026-2776
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox...
10.0
Firefox and Thunderbird: IndexedDB Data Exposure
CVE-2026-2768
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird ...
10.0
Firefox, Thunderbird: Graphics Component Lets Attackers Escape Sandboxing
CVE-2026-2761
Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird ...
10.0
Firefox and Thunderbird can be hacked if you view malicious images
DEBIAN-CVE-2026-2760
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115....
10.0
Firefox and Thunderbird: Graphics Vulnerability Allows Malicious Code Execution
CVE-2026-2760
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115....
10.0
dotCMS allows attackers to execute arbitrary system commands
CVE-2025-11165
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTools) that allows authenticated users with scripting privileges to bypa...
9.4
InSAT MasterSCADA BUK-TS: Remote Code Execution via Web Interface
CVE-2026-22553
All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that ...
9.3
InSAT MasterSCADA BUK-TS allows remote code execution via web interface
CVE-2026-21410
InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentia...
9.3
Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport
CVE-2026-27590
GHSA-5r3v-vc8m-m96g
### Summary
Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to s...
8.9
Tattile Smart+, Vega, and Basic devices: Stolen access token allows unauthorized access
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient...
8.7
Tattile Devices Ship with Default Passwords, Leaving Data Accessible
CVE-2026-26341
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed du...
9.3
FUXA: Unauthenticated access to sensitive endpoint due to Referer header spoofing
CVE-2025-69985
GHSA-4r4r-4jp4-wwf9
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/ap...
9.8
Altec DocLink service exposes sensitive data and allows unauthorized access
CVE-2026-26222
Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHo...
10.0
Binardat Switch Firmware: Administrative Access via Hard-Coded Passwords
CVE-2026-27507
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed b...
9.3
Firefox and Thunderbird Memory Corruption Bugs Allow Malicious Code Execution
CVE-2026-2807
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough...
9.8
Firefox and Thunderbird: Malicious Websites Can Crash Browser
CVE-2026-2805
Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148....
9.8
Firefox and Thunderbird Spoofing Flaw on Android
CVE-2026-2800
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148....
9.8
Firefox & Thunderbird: Data Leaked When Closing Browser Tabs
CVE-2026-2799
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148....
9.8
Firefox and Thunderbird: Data Exposure Through Memory Mishandling
CVE-2026-2797
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148....
9.8
Firefox and Thunderbird can crash or run malicious code
CVE-2026-2796
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148....
9.8
Firefox and Thunderbird Can Crash Due to JavaScript Memory Error
CVE-2026-2795
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148....
9.8
Firefox and Thunderbird: Memory Safety Bugs Can Crash or Run Malicious Code
CVE-2026-2793
Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed...
9.8
Firefox, Thunderbird: Memory Corruption Could Allow Code Execution
CVE-2026-2792
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory ...
9.8