|
1371
|
9.1 |
CRITICAL
Network
|
vmware
|
spring_cloud_config
|
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially cra…
|
CWE-22
Path Traversal
|
CVE-2026-40982
|
2026-05-13 02:30 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1372
|
8.1 |
HIGH
Network
|
vmware
|
spring_cloud_config
|
The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks.
Spring …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-41002
|
2026-05-13 02:29 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1373
|
6.2 |
MEDIUM
Local
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 2…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-28897
|
2026-05-13 02:27 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1374
|
8.8 |
HIGH
Local
|
apple
|
macos
|
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-28923
|
2026-05-13 02:24 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1375
|
7.5 |
HIGH
Network
|
apple
|
macos
|
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts with…
|
CWE-362
Race Condition
|
CVE-2026-28924
|
2026-05-13 02:24 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1376
|
7.5 |
HIGH
Network
|
apple
|
macos
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termin…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-28925
|
2026-05-13 02:24 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1377
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
|
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display …
|
CWE-1254
Incorrect Comparison Logic Granularity
|
CVE-2026-28929
|
2026-05-13 02:24 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1378
|
7.8 |
HIGH
Local
|
apple
|
ipados
iphone_os
macos
|
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Ta…
|
CWE-863
Incorrect Authorization
|
CVE-2026-28951
|
2026-05-13 02:23 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1379
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
|
A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted …
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-28954
|
2026-05-13 02:21 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1380
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation resul…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8266
|
2026-05-13 02:20 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
