CVE-2026-8391
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and
CVSS
5.3
Medio
EPSS
0.3%
p22
KEV
—
Exploit Today
7
0-100
Publicado: 12 may 2026 · Última mod.: 15 jul 2026 · CWE-20 · CWE-79 · CWE-119
0.3%EPSS · 30 días0.3%
2026-06-302026-07-16
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
- bugzilla.mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=2038575
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-45/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-47/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-48/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-51/
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21378
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21380
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21381
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21382
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:22325
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:22643
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26174
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26268
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26269
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26270
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26491
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26492
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26493
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26521
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26536
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability2dCVE-2025-312778.8 ALT71.0%
KEV—71Apple Multiple Products Buffer Overflow Vulnerability2dCVE-2026-125699.8 CRÍ66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability17dCVE-2021-252996.1 MED99.9%
——30Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.8dCVE-2021-364506.1 MED99.2%
——30Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.8dCVE-2023-414256.1 MED98.9%
——30Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.8d