Export limit exceeded: 349882 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349882 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349882 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28907 | 1 Apple | 5 Ios And Ipados, Macos, Tvos and 2 more | 2026-05-11 | N/A |
| The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | ||||
| CVE-2026-28826 | 1 Apple | 1 Macos | 2026-05-11 | 4 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A malicious app may be able to break out of its sandbox. | ||||
| CVE-2023-42346 | 1 Alkacon | 1 Opencms | 2026-05-11 | 7.5 High |
| Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host. | ||||
| CVE-2026-38568 | 2026-05-11 | 8.1 High | ||
| HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> and /interview/<id> endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authorized role. Any authenticated user can access any other user's candidate profiles and interview notes by iterating the integer ID in the URL path, constituting a horizontal privilege escalation and full data breach of all records in the system. | ||||
| CVE-2026-38569 | 2026-05-11 | 5.4 Medium | ||
| HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate_detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add. | ||||
| CVE-2026-28830 | 1 Apple | 1 Macos | 2026-05-11 | N/A |
| A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | ||||
| CVE-2026-28944 | 1 Apple | 3 Ios And Ipados, Macos, Visionos | 2026-05-11 | N/A |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-28947 | 1 Apple | 5 Ios And Ipados, Macos, Tvos and 2 more | 2026-05-11 | N/A |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2026-28951 | 1 Apple | 2 Ios And Ipados, Macos | 2026-05-11 | N/A |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges. | ||||
| CVE-2026-28946 | 1 Apple | 1 Macos | 2026-05-11 | N/A |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2026-28920 | 1 Apple | 5 Ios And Ipados, Macos, Tvos and 2 more | 2026-05-11 | N/A |
| An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak sensitive data. | ||||
| CVE-2026-28961 | 1 Apple | 1 Macos | 2026-05-11 | N/A |
| This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2026-28936 | 1 Apple | 3 Ios And Ipados, Macos, Visionos | 2026-05-11 | N/A |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination. | ||||
| CVE-2026-28917 | 1 Apple | 5 Ios And Ipados, Macos, Tvos and 2 more | 2026-05-11 | N/A |
| The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-14512 | 2 Gnome, Redhat | 4 Glib, Enterprise Linux, Hummingbird and 1 more | 2026-05-11 | 6.5 Medium |
| A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | ||||
| CVE-2025-14087 | 2 Gnome, Redhat | 3 Glib, Enterprise Linux, Hummingbird | 2026-05-11 | 5.6 Medium |
| A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | ||||
| CVE-2026-43901 | 2026-05-11 | 6.8 Medium | ||
| Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts an attacker-controlled dest_dir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox (_allowed_dirs) is None by default and only activates when the environment variable WIRESHARK_MCP_ALLOWED_DIRS is explicitly set. In a default installation, any directory on the filesystem can be used as the export destination. | ||||
| CVE-2026-28846 | 1 Apple | 5 Ios And Ipados, Macos, Tvos and 2 more | 2026-05-11 | N/A |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected app termination. | ||||
| CVE-2026-28883 | 1 Apple | 5 Ios And Ipados, Macos, Tvos and 2 more | 2026-05-11 | N/A |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-28840 | 1 Apple | 1 Macos | 2026-05-11 | N/A |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges. | ||||