|
1841
|
6.5 |
MEDIUM
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processin…
|
CWE-416
Use After Free
|
CVE-2026-28942
|
2026-05-14 23:32 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1842
|
9.9 |
CRITICAL
Network
|
microsoft
|
dynamics_365
|
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
|
CWE-94
Code Injection
|
CVE-2026-42898
|
2026-05-14 23:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1843
|
7.8 |
HIGH
Local
|
microsoft
|
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
|
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-42896
|
2026-05-14 23:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1844
|
7.5 |
HIGH
Network
|
microsoft
|
copilot_chat
|
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
|
CWE-77
Command Injection
|
CVE-2026-33111
|
2026-05-14 23:31 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1845
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti…
|
CWE-77
Command Injection
|
CVE-2026-44871
|
2026-05-14 23:29 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1846
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.…
|
CWE-89
SQL Injection
|
CVE-2026-5486
|
2026-05-14 23:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1847
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in th…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5361
|
2026-05-14 23:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1848
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying tha…
|
CWE-862
Missing Authorization
|
CVE-2026-7525
|
2026-05-14 23:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1849
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7648
|
2026-05-14 23:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1850
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.2…
|
CWE-80
Basic XSS
|
CVE-2025-15345
|
2026-05-14 23:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
