|
2981
|
7.8 |
HIGH
Local
|
-
|
-
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
|
CWE-269
Improper Privilege Management
|
CVE-2025-43306
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2982
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
|
CWE-284
Improper Access Control
|
CVE-2025-43451
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2983
|
5.5 |
MEDIUM
Local
|
-
|
-
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.
|
CWE-125
Out-of-bounds Read
|
CVE-2025-46280
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2984
|
7.0 |
HIGH
Local
|
-
|
-
|
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges.
|
CWE-362
Race Condition
|
CVE-2025-46284
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2985
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
|
CWE-284
Improper Access Control
|
CVE-2025-46307
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2986
|
7.1 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Woocommerce Envato Affiliates: from n…
|
CWE-862
Missing Authorization
|
CVE-2025-14361
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2987
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access cont…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9580
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2988
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site …
|
CWE-352
CWE-862
Origin Validation Error
Missing Authorization
|
CVE-2026-9582
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2989
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql in…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9584
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2990
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument I…
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2026-9603
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
