|
101
|
8.7 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') …
Update
|
CWE-22
Path Traversal
|
CVE-2026-34653
|
2026-05-21 01:02 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
102
|
5.3 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result i…
Update
|
NVD-CWE-Other
|
CVE-2026-34654
|
2026-05-21 01:02 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
103
|
4.8 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-34655
|
2026-05-21 00:59 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
104
|
4.3 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature by…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-34656
|
2026-05-21 00:58 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
105
|
4.8 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-34658
|
2026-05-21 00:50 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
106
|
3.4 |
LOW
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Sec…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-34685
|
2026-05-21 00:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
107
|
8.6 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
New
|
CWE-668
CWE-693
Exposure of Resource to Wrong Sphere
Protection Mechanism Failure
|
CVE-2026-8958
|
2026-05-21 00:01 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
108
|
9.3 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
New
|
CWE-346
Origin Validation Error
|
CVE-2026-8950
|
2026-05-21 00:00 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
109
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-8963
|
2026-05-20 23:57 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
110
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-8964
|
2026-05-20 23:57 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
