CVE-2026-4693
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firef
CVSS
7.5
Alto
EPSS
0.7%
p49
KEV
—
Exploit Today
15
0-100
Publicado: 24 mar 2026 · Última mod.: 15 jul 2026 · CWE-754 · CWE-823
0.7%EPSS · 30 días0.7%
2026-06-302026-07-16
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- bugzilla.mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=2018102
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-20/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-21/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-22/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-23/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-24/
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:5930
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:5931
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:5932
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6188
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6342
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6917
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:7837
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:7838
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:7839
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:7840
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:7841
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:7842
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:7843
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:7845
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-256397.5 ALT82.9%
——25Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.16hCVE-2026-59467.5 ALT76.2%
——23Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`.
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.2dCVE-2026-46947.5 ALT51.6%
——15Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.2dCVE-2026-46908.6 ALT51.6%
——15Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.2dCVE-2026-46867.5 ALT49.1%
——15Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.2dCVE-2026-46997.5 ALT48.6%
——15Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.2d