|
241
|
7.5 |
HIGH
Network
|
-
|
-
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-28846
|
2026-05-13 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
242
|
5.4 |
MEDIUM
Network
|
-
|
-
|
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may …
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-28819
|
2026-05-13 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
243
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
New
|
CWE-415
Double Free
|
CVE-2026-21530
|
2026-05-13 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
244
|
- |
|
-
|
-
|
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-20767
|
2026-05-13 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245
|
- |
|
-
|
-
|
Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with a…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20714
|
2026-05-13 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246
|
7.5 |
HIGH
Network
|
-
|
-
|
docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.
New
|
CWE-22
Path Traversal
|
CVE-2025-65418
|
2026-05-13 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247
|
5.5 |
MEDIUM
Local
|
python
|
pillow
|
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polyg…
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42309
|
2026-05-13 02:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248
|
5.5 |
MEDIUM
Local
|
python
|
pillow
|
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer…
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42308
|
2026-05-13 02:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249
|
5.5 |
MEDIUM
Local
|
python
|
pillow
|
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the…
Update
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-42310
|
2026-05-13 02:55 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250
|
4.7 |
MEDIUM
Local
|
apple
|
ipados
iphone_os
macos
visionos
|
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, …
New
|
CWE-362
Race Condition
|
CVE-2026-43659
|
2026-05-13 02:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
