CVE-2026-14906
Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS a
CVSS
5.3
Medium
EPSS
0.2%
p7
KEV
—
Exploit Today
2
0-100
Published: Jul 13, 2026 · Last modified: Jul 14, 2026 · CWE-434
0.2%EPSS · 30 days0.2%
2026-07-142026-07-17
Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-562909.8 CRI85.4%
KEV—76Joomlack Page Builder Improper Access Control Vulnerability9dCVE-2026-489089.8 CRI72.6%
KEV—72JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability9dCVE-2026-489399.8 CRI71.5%
KEV—71iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability7dCVE-2026-562919.8 CRI53.7%
KEV—66Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability7dCVE-2023-388368.8 HIG99.3%
——30File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.9dCVE-2023-464747.2 HIG97.3%
——29File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.9d