Known Vulnerabilities for Tor Browser by Torproject

Listed below are 5 of the newest known vulnerabilities associated with "Tor Browser" by "Torproject".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-45000 json OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips str... Not Provided 2026-05-11 2026-05-11
CVE-2026-44737 json grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and... Not Provided 2026-05-11 2026-05-11
CVE-2026-44659 json Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar an... Not Provided 2026-05-11 2026-05-12
CVE-2026-44658 json Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in prom... Not Provided 2026-05-11 2026-05-11
CVE-2026-44580 json Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications... Not Provided 2026-05-13 2026-05-13
CVE-2026-44259 json efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type b... Not Provided 2026-05-12 2026-05-13
CVE-2026-43968 json Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and... Not Provided 2026-05-11 2026-05-12
CVE-2026-43900 json DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-bet... Not Provided 2026-05-11 2026-05-12
CVE-2026-43878 json WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacke... Not Provided 2026-05-11 2026-05-12
CVE-2026-43875 json WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes... Not Provided 2026-05-11 2026-05-12
Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationTorprojectTor Browser9.0
ApplicationTorprojectTor Browser9.0
ApplicationTorprojectTor Browser9.0
ApplicationTorprojectTor Browser8.5.4
ApplicationTorprojectTor Browser8.5.3
ApplicationTorprojectTor Browser8.5.2
ApplicationTorprojectTor Browser8.5.1
ApplicationTorprojectTor Browser8.5
ApplicationTorprojectTor Browser8.0.9
ApplicationTorprojectTor Browser8.0.8
ApplicationTorprojectTor Browser8.0.7
ApplicationTorprojectTor Browser8.0.6
ApplicationTorprojectTor Browser8.0.5
ApplicationTorprojectTor Browser8.0.4
ApplicationTorprojectTor Browser8.0.3
ApplicationTorprojectTor Browser8.0.2
ApplicationTorprojectTor Browser8.0.1
ApplicationTorprojectTor Browser8.0
ApplicationTorprojectTor Browser7.5.6
ApplicationTorprojectTor Browser7.5.3
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report