CVEs from 2026
Total
13,613
critical
critical 1,176
high
high 4,271
medium
medium 4,150
low
low 441
% Critical
8.6%
% with KEV
0.4%
% with exploit
0.7%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8280 | medium | 6.5 | 6.5 | 17d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause den… | |||
| CVE-2026-4527 | medium | 6.5 | 6.5 | 17d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to creat… | |||
| CVE-2026-4524 | medium | 6.5 | 6.5 | 17d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access… | |||
| CVE-2026-5486 | medium | 6.5 | 6.5 | 17d ago | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.… | |||
| CVE-2026-44448 | medium | 6.5 | 6.5 | 17d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyo… | |||
| CVE-2026-44445 | medium | 6.5 | 6.5 | 17d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enab… | |||
| CVE-2026-44426 | medium | 6.5 | 6.5 | 17d ago | ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check | |||
| CVE-2026-44424 | medium | 6.5 | 6.5 | 17d ago | ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace | |||
| CVE-2026-44423 | medium | 6.5 | 6.5 | 17d ago | ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data | |||
| CVE-2026-44195 | medium | 6.5 | 6.5 | 17d ago | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication fa… | |||
| CVE-2026-33378 | medium | 6.5 | 6.5 | 17d ago | Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the … | |||
| CVE-2026-28383 | medium | 6.5 | 6.5 | 17d ago | A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-me… | |||
| CVE-2026-28380 | medium | 6.5 | 6.5 | 17d ago | Any Editor could delete any snapshot, even if they have no access to read or write them. | |||
| CVE-2026-28379 | medium | 6.5 | 6.5 | 17d ago | A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete ser… | |||
| CVE-2026-28376 | medium | 6.5 | 6.5 | 17d ago | The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated us… | |||
| CVE-2026-42580 | medium | 6.5 | 6.5 | 17d ago | Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing | |||
| CVE-2026-22677 | medium | 6.5 | 6.5 | 17d ago | Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an… | |||
| CVE-2026-44456 | medium | 6.5 | 6.5 | 17d ago | Hono: bodyLimit() can be bypassed for chunked / unknown-length requests | |||
| CVE-2026-42946 | medium | 6.5 | 6.5 | 17d ago | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured… | |||
| CVE-2026-42937 | medium | 6.5 | 6.5 | 17d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attack… | |||
| CVE-2026-42781 | medium | 6.5 | 6.5 | 17d ago | When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utiliz… | |||
| CVE-2026-41959 | medium | 6.5 | 6.5 | 17d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated… | |||
| CVE-2026-41219 | medium | 6.5 | 6.5 | 17d ago | An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which ha… | |||
| CVE-2026-40699 | medium | 6.5 | 6.5 | 17d ago | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software ver… | |||
| CVE-2026-40462 | medium | 6.5 | 6.5 | 17d ago | Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Softwa… | |||
| CVE-2026-40460 | medium | 6.5 | 6.5 | 17d ago | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limi… | |||
| CVE-2026-35062 | medium | 6.5 | 6.5 | 17d ago | An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2026-31156 | medium | 6.5 | 6.5 | 17d ago | A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path … | |||
| CVE-2026-44796 | medium | 6.5 | 6.5 | 17d ago | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a… | |||
| CVE-2026-4608 | medium | 6.5 | 6.5 | 18d ago | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insuffic… | |||
| CVE-2026-37429 | medium | 6.5 | 6.5 | 18d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive dat… | |||
| CVE-2026-37428 | medium | 6.5 | 6.5 | 18d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive dat… | |||
| CVE-2026-25107 | medium | 6.5 | 6.5 | 18d ago | ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of… | |||
| CVE-2026-5545 | medium | 6.5 | 6.5 | 18d ago | libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a … | |||
| CVE-2026-4782 | medium | 6.5 | 6.5 | 18d ago | The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of… | |||
| CVE-2026-7619 | medium | 6.5 | 6.5 | 18d ago | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, a… | |||
| CVE-2026-8336 | medium | 6.5 | 6.5 | 18d ago | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se… | |||
| CVE-2026-8202 | medium | 6.5 | 6.5 | 18d ago | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilizatio… | |||
| CVE-2026-8199 | medium | 6.5 | 6.5 | 18d ago | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and … | |||
| CVE-2026-28946 | medium | 6.5 | 6.5 | 18d ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari… | |||
| CVE-2026-28942 | medium | 6.5 | 6.5 | 18d ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processin… | |||
| CVE-2026-28903 | medium | 6.5 | 6.5 | 18d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS … | |||
| CVE-2026-28902 | medium | 6.5 | 6.5 | 18d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously c… | |||
| CVE-2026-44347 | medium | 6.5 | 6.5 | 18d ago | Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user in… | |||
| CVE-2026-44223 | medium | 6.5 | 6.5 | 18d ago | vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect sh… | |||
| CVE-2026-44204 | medium | 6.5 | 6.5 | 18d ago | Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role)… | |||
| CVE-2026-42891 | medium | 6.5 | 6.5 | 18d ago | <p>User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p> | |||
| CVE-2026-42830 | medium | 6.5 | 6.5 | 18d ago | <p>Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.</p> | |||
| CVE-2026-42175 | medium | 6.5 | 6.5 | 18d ago | requests-hardened is Vulnerable to Server-Side Request Forgery | |||
| CVE-2026-40374 | medium | 6.5 | 6.5 | 18d ago | <p>Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.</p> | |||
| CVE-2026-35422 | medium | 6.5 | 6.5 | 18d ago | <p>Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.</p> | |||
| CVE-2026-34350 | medium | 6.5 | 6.5 | 18d ago | <p>Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.</p> | |||
| CVE-2026-31244 | medium | 6.5 | 6.5 | 18d ago | The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrar… | |||
| CVE-2026-31243 | medium | 6.5 | 6.5 | 18d ago | The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacke… | |||
| CVE-2026-31241 | medium | 6.5 | 6.5 | 18d ago | mem0 server lacks authentication and authorization controls for its memory deletion API endpoint | |||
| CVE-2026-25690 | medium | 6.5 | 6.5 | 18d ago | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2… | |||
| CVE-2026-40300 | medium | 6.5 | 6.5 | 18d ago | Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allo… | |||
| CVE-2026-8368 | medium | 6.5 | 6.5 | 18d ago | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before … | |||
| CVE-2026-8109 | medium | 6.5 | 6.5 | 18d ago | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | |||
| CVE-2026-40016 | medium | 6.5 | 6.5 | 19d ago | Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to deg… | |||
| CVE-2026-6402 | medium | 6.5 | 6.5 | 19d ago | webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins | |||
| CVE-2026-5028 | medium | 6.5 | 6.5 | 19d ago | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action in all versions up to, and includ… | |||
| CVE-2026-7255 | medium | 6.5 | 6.5 | 19d ago | ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could a… | |||
| CVE-2026-40135 | medium | 6.5 | 6.5 | 19d ago | An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially c… | |||
| CVE-2026-7010 | medium | 6.5 | 6.5 | 19d ago | HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host t… | |||
| CVE-2026-44695 | medium | 6.5 | 6.5 | 19d ago | Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A… | |||
| CVE-2026-43889 | medium | 6.5 | 6.5 | 19d ago | Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifie… | |||
| CVE-2026-34960 | medium | 6.5 | 6.5 | 19d ago | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within … | |||
| CVE-2026-42883 | medium | 6.5 | 6.5 | 19d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t… | |||
| CVE-2026-42316 | medium | 6.5 | 6.5 | 19d ago | kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the k… | |||
| CVE-2026-42315 | medium | 6.5 | 6.5 | 19d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_… | |||
| CVE-2026-42314 | medium | 6.5 | 6.5 | 19d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ … | |||
| CVE-2026-8292 | medium | 6.5 | 6.5 | 19d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argu… | |||
| CVE-2026-8291 | medium | 6.5 | 6.5 | 19d ago | A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial… | |||
| CVE-2026-7820 | medium | 6.5 | 6.5 | 19d ago | pgAdmin 4: Improper restriction of excessive authentication attempts | |||
| CVE-2026-7817 | medium | 6.5 | 6.5 | 19d ago | pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities | |||
| CVE-2026-44199 | medium | 6.5 | 6.5 | 19d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav… | |||
| CVE-2026-44197 | medium | 6.5 | 6.5 | 19d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis… | |||
| CVE-2026-31246 | medium | 6.5 | 6.5 | 19d ago | GPT-Pilot contains a command injection vulnerability in the Executor.run() method | |||
| CVE-2026-8290 | medium | 6.5 | 6.5 | 20d ago | A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulat… | |||
| CVE-2026-8289 | medium | 6.5 | 6.5 | 20d ago | A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipu… | |||
| CVE-2026-8288 | medium | 6.5 | 6.5 | 20d ago | A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Exec… | |||
| CVE-2026-43826 | medium | 6.5 | 6.5 | 20d ago | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embed… | |||
| CVE-2026-41018 | medium | 6.5 | 6.5 | 20d ago | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the em… | |||
| CVE-2026-5084 | medium | 6.5 | 6.5 | 20d ago | WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function… | |||
| CVE-2026-8270 | medium | 6.5 | 6.5 | 20d ago | A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. The a… | |||
| CVE-2026-8269 | medium | 6.5 | 6.5 | 20d ago | A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF. Performing a manipulation results in denial of service. Remote explo… | |||
| CVE-2026-8268 | medium | 6.5 | 6.5 | 20d ago | A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI_list_create of the component SMF. Such manipulation leads to denial of service. The attack may be launch… | |||
| CVE-2026-8267 | medium | 6.5 | 6.5 | 20d ago | A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack… | |||
| CVE-2026-8266 | medium | 6.5 | 6.5 | 20d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation resul… | |||
| CVE-2026-8252 | medium | 6.5 | 6.5 | 20d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference… | |||
| CVE-2026-28922 | medium | 6.5 | 6.5 | 20d ago | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information. | |||
| CVE-2026-28956 | medium | 6.5 | 6.5 | 20d ago | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, vision… | |||
| CVE-2026-28920 | medium | 6.5 | 6.5 | 20d ago | An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe … | |||
| CVE-2026-28878 | medium | 6.5 | 6.5 | 20d ago | A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.7, macOS Sonoma 14.8.5, macOS Tahoe 26.4, t… | |||
| CVE-2026-28918 | medium | 6.5 | 6.5 | 20d ago | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a malicio… | |||
| CVE-2026-28972 | medium | 6.5 | 6.5 | 20d ago | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, ma… | |||
| CVE-2026-8251 | medium | 6.5 | 6.5 | 20d ago | A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation resu… | |||
| CVE-2026-8250 | medium | 6.5 | 6.5 | 20d ago | A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to … | |||
| CVE-2026-8249 | medium | 6.5 | 6.5 | 20d ago | A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation cause… |