CVE-2026-6654 | Mozilla thin-vec up to 0.2.15 clear use after free (GHSA-xphw-cqx3-667j)

Inserito da Angelo Barbosa | Apr 20, 2026 | CVE

A vulnerability labeled as critical has been found in Mozilla thin-vec up to 0.2.15. The affected element is the function IntoIter::drop/ThinVec::clear. Such manipulation leads to use after free.

This vulnerability is listed as CVE-2026-6654. The attack must be carried out from within the local network. There is no available exploit.

The affected component should be upgraded.

CVE-2026-6654 | Mozilla thin-vec up to 0.2.15 clear use after free (GHSA-xphw-cqx3-667j)

Post correlati

CVE-2024-3227 | Panwei eoffice OA up to 9.5 Backend save_image.php image_type path traversal

CVE-2025-15396 | Library Viewer Plugin up to 3.1.x on WordPress cross site scripting

CVE-2024-31468 | Aruba InstantOS/ArubaOS PAPI buffer overflow (ARUBA-PSA-2024-006)

CVE-2025-14978 | PeachPay Plugin up to 1.119.8 on WordPress REST Endpoint authorization