|
1221
|
5.5 |
MEDIUM
Local
|
jqlang
|
jq
|
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-43896
|
2026-05-14 07:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1222
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and …
|
CWE-1325
Improperly Controlled Sequential Memory Allocation
|
CVE-2026-8199
|
2026-05-14 07:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1223
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php.
This issue affects …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-34095
|
2026-05-14 07:30 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1224
|
- |
|
-
|
-
|
Rejected reason: This CVE is a duplicate of another CVE.
|
-
|
CVE-2026-40328
|
2026-05-14 07:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1225
|
- |
|
-
|
-
|
Rejected reason: This CVE is a duplicate of another CVE.
|
-
|
CVE-2026-40327
|
2026-05-14 07:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1226
|
8.8 |
HIGH
Network
|
-
|
-
|
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.
|
CWE-94
Code Injection
|
CVE-2026-29202
|
2026-05-14 07:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1227
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.
|
CWE-23
Relative Path Traversal
|
CVE-2026-29201
|
2026-05-14 07:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1228
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 2…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-43660
|
2026-05-14 06:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1229
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-43658
|
2026-05-14 06:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1230
|
4.3 |
MEDIUM
Network
|
apple
|
ipados
iphone_os
macos
visionos
|
The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-28971
|
2026-05-14 06:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
