CVEs from 2026
Total
14,172
critical
critical 1,106
high
high 3,898
medium
medium 3,930
low
low 413
% Critical
7.8%
% with KEV
0.4%
% with exploit
0.4%
Top products
- firepower_threat_defense 298
- chrome 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-23557 | medium | 6.5 | 6.5 | 9d ago | Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will hap… | |
| CVE-2026-37979 | medium | 6.5 | 6.5 | 9d ago | A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attac… | |
| CVE-2026-45187 | medium | 6.5 | 6.5 | 9d ago | Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |
| CVE-2026-35086 | medium | 6.5 | 6.5 | 9d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to vers… | |
| CVE-2026-31380 | medium | 6.5 | 6.5 | 9d ago | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06… | |
| CVE-2026-31378 | medium | 6.5 | 6.5 | 9d ago | Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |
| CVE-2026-29220 | medium | 6.5 | 6.5 | 9d ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to v… | |
| CVE-2026-29207 | medium | 6.5 | 6.5 | 9d ago | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24… | |
| CVE-2026-28733 | medium | 6.5 | 6.5 | 9d ago | in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. | |
| CVE-2026-27737 | medium | 6.5 | 6.5 | 9d ago | BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio… | |
| CVE-2026-8843 | medium | 6.5 | 6.5 | 10d ago | Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi… | |
| CVE-2026-20685 | medium | 6.5 | 6.5 | 10d ago | An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3. | |
| CVE-2026-6345 | medium | 6.5 | 6.5 | 10d ago | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of som… | |
| CVE-2026-5163 | medium | 6.5 | 6.5 | 10d ago | Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private ch… | |
| CVE-2026-3471 | medium | 6.5 | 6.5 | 10d ago | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra… | |
| CVE-2026-3117 | medium | 6.5 | 6.5 | 10d ago | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se… | |
| CVE-2026-6340 | medium | 6.5 | 6.5 | 10d ago | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exh… | |
| CVE-2026-2325 | medium | 6.5 | 6.5 | 10d ago | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cau… | |
| CVE-2026-33637 | medium | 6.5 | 6.5 | 10d ago | Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping | |
| CVE-2026-8769 | medium | 6.5 | 6.5 | 10d ago | A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/respons… | |
| CVE-2026-8766 | medium | 6.5 | 6.5 | 10d ago | A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executi… | |
| CVE-2026-8765 | medium | 6.5 | 6.5 | 10d ago | A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fi… | |
| CVE-2026-8746 | medium | 6.5 | 6.5 | 11d ago | A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation res… | |
| CVE-2026-8745 | medium | 6.5 | 6.5 | 11d ago | A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation le… | |
| CVE-2026-8744 | medium | 6.5 | 6.5 | 11d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing … | |
| CVE-2026-8738 | medium | 6.5 | 6.5 | 11d ago | A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file public… | |
| CVE-2026-8731 | medium | 6.5 | 6.5 | 11d ago | A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool … | |
| CVE-2026-8730 | medium | 6.5 | 6.5 | 11d ago | A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfI… | |
| CVE-2026-8729 | medium | 6.5 | 6.5 | 11d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/s… | |
| CVE-2026-8728 | medium | 6.5 | 6.5 | 11d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. S… | |
| CVE-2026-46719 | medium | 6.5 | 6.5 | 12d ago | Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject add… | |
| CVE-2026-8704 | medium | 6.5 | 6.5 | 12d ago | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. | |
| CVE-2026-45667 | medium | 6.5 | 6.5 | 12d ago | Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS) | |
| CVE-2026-45666 | medium | 6.5 | 6.5 | 12d ago | Open WebUI has an Indirect Object Reference (IDOR) in user notes | |
| CVE-2026-45351 | medium | 6.5 | 6.5 | 12d ago | Open WebUI Exposes System Prompt to Regular User [Non-Admin] | |
| CVE-2026-45345 | medium | 6.5 | 6.5 | 12d ago | Open WebUI missing authorization check at the model update function - models from other users can be updated | |
| CVE-2026-44571 | medium | 6.5 | 6.5 | 12d ago | Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission | |
| CVE-2026-45008 | medium | 6.5 | 6.5 | 12d ago | phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins | |
| CVE-2026-44562 | medium | 6.5 | 6.5 | 12d ago | Open WebUI's Model Import Overwrites Any Model Without Ownership Check | |
| CVE-2026-44560 | medium | 6.5 | 6.5 | 12d ago | Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search | |
| CVE-2026-4054 | medium | 6.5 | 6.5 | 12d ago | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG fi… | |
| CVE-2026-46362 | medium | 6.5 | 6.5 | 12d ago | phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Att… | |
| CVE-2026-45773 | medium | 6.5 | 6.5 | 13d ago | Trubo: Login callback CSRF/session fixation | |
| CVE-2026-8669 | medium | 6.5 | 6.5 | 13d ago | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized… | |
| CVE-2026-39053 | medium | 6.5 | 6.5 | 13d ago | Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils… | |
| CVE-2026-39052 | medium | 6.5 | 6.5 | 13d ago | Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc… | |
| CVE-2026-8503 | medium | 6.5 | 6.5 | 13d ago | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re… | |
| CVE-2026-4683 | medium | 6.5 | 6.5 | 13d ago | The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and … | |
| CVE-2026-45339 | medium | 6.5 | 6.5 | 13d ago | Open WebUI's API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints | |
| CVE-2026-8570 | medium | 6.5 | 6.5 | 13d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security sev… | |
| CVE-2026-8550 | medium | 6.5 | 6.5 | 13d ago | Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memo… | |
| CVE-2026-26062 | medium | 6.5 | 6.5 | 13d ago | Fleet server may terminate unexpectedly when handling certain gRPC requests | |
| CVE-2026-22706 | medium | 6.5 | 6.5 | 13d ago | Strapi: Password Reset Does Not Revoke Existing Refresh Sessions | |
| CVE-2026-42572 | medium | 6.5 | 6.5 | 13d ago | Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds` | |
| CVE-2026-41888 | medium | 6.5 | 6.5 | 13d ago | Distribution's tag deletion bypasses `storage.delete.enabled` configuration | |
| CVE-2026-44514 | medium | 6.5 | 6.5 | 14d ago | Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users | |
| CVE-2026-6478 | medium | 6.5 | 6.5 | 14d ago | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 … | |
| CVE-2026-6670 | medium | 6.5 | 6.5 | 14d ago | The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation … | |
| CVE-2026-6225 | medium | 6.5 | 6.5 | 14d ago | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions u… | |
| CVE-2026-5193 | medium | 6.5 | 6.5 | 14d ago | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insu… | |
| CVE-2026-8280 | medium | 6.5 | 6.5 | 14d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause den… | |
| CVE-2026-4527 | medium | 6.5 | 6.5 | 14d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to creat… | |
| CVE-2026-4524 | medium | 6.5 | 6.5 | 14d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access… | |
| CVE-2026-5486 | medium | 6.5 | 6.5 | 14d ago | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.… | |
| CVE-2026-44448 | medium | 6.5 | 6.5 | 14d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyo… | |
| CVE-2026-44445 | medium | 6.5 | 6.5 | 14d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enab… | |
| CVE-2026-44426 | medium | 6.5 | 6.5 | 14d ago | ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check | |
| CVE-2026-44424 | medium | 6.5 | 6.5 | 14d ago | ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace | |
| CVE-2026-44423 | medium | 6.5 | 6.5 | 14d ago | ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data | |
| CVE-2026-44195 | medium | 6.5 | 6.5 | 14d ago | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication fa… | |
| CVE-2026-33378 | medium | 6.5 | 6.5 | 14d ago | Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the … | |
| CVE-2026-28383 | medium | 6.5 | 6.5 | 14d ago | A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-me… | |
| CVE-2026-28380 | medium | 6.5 | 6.5 | 14d ago | Any Editor could delete any snapshot, even if they have no access to read or write them. | |
| CVE-2026-28379 | medium | 6.5 | 6.5 | 14d ago | A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete ser… | |
| CVE-2026-28376 | medium | 6.5 | 6.5 | 14d ago | The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated us… | |
| CVE-2026-42580 | medium | 6.5 | 6.5 | 14d ago | Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing | |
| CVE-2026-22677 | medium | 6.5 | 6.5 | 14d ago | Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an… | |
| CVE-2026-44456 | medium | 6.5 | 6.5 | 15d ago | Hono: bodyLimit() can be bypassed for chunked / unknown-length requests | |
| CVE-2026-42946 | medium | 6.5 | 6.5 | 15d ago | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured… | |
| CVE-2026-42937 | medium | 6.5 | 6.5 | 15d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attack… | |
| CVE-2026-42781 | medium | 6.5 | 6.5 | 15d ago | When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utiliz… | |
| CVE-2026-41959 | medium | 6.5 | 6.5 | 15d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated… | |
| CVE-2026-41219 | medium | 6.5 | 6.5 | 15d ago | An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which ha… | |
| CVE-2026-40699 | medium | 6.5 | 6.5 | 15d ago | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software ver… | |
| CVE-2026-40462 | medium | 6.5 | 6.5 | 15d ago | Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Softwa… | |
| CVE-2026-40460 | medium | 6.5 | 6.5 | 15d ago | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limi… | |
| CVE-2026-35062 | medium | 6.5 | 6.5 | 15d ago | An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |
| CVE-2026-31156 | medium | 6.5 | 6.5 | 15d ago | A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path … | |
| CVE-2026-4608 | medium | 6.5 | 6.5 | 15d ago | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insuffic… | |
| CVE-2026-37429 | medium | 6.5 | 6.5 | 15d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive dat… | |
| CVE-2026-37428 | medium | 6.5 | 6.5 | 15d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive dat… | |
| CVE-2026-25107 | medium | 6.5 | 6.5 | 15d ago | ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of… | |
| CVE-2026-5545 | medium | 6.5 | 6.5 | 15d ago | libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a … | |
| CVE-2026-4782 | medium | 6.5 | 6.5 | 15d ago | The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of… | |
| CVE-2026-7619 | medium | 6.5 | 6.5 | 15d ago | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, a… | |
| CVE-2026-8336 | medium | 6.5 | 6.5 | 15d ago | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se… | |
| CVE-2026-8202 | medium | 6.5 | 6.5 | 15d ago | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilizatio… | |
| CVE-2026-8199 | medium | 6.5 | 6.5 | 15d ago | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and … | |
| CVE-2026-28946 | medium | 6.5 | 6.5 | 15d ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari… | |
| CVE-2026-28942 | medium | 6.5 | 6.5 | 15d ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processin… |