|
1811
|
7.5 |
HIGH
Network
|
apple
|
ipados iphone_os macos tvos visionos watchos
|
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watch…
|
CWE-284
Improper Access Control
|
CVE-2026-28974
|
2026-05-13 03:46 |
2026-05-12 |
|
|
|
|
1812
|
7.5 |
HIGH
Network
|
apple
|
ipados iphone_os
|
A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. A user may be able to view restricted content from the lock screen.
|
CWE-284
Improper Access Control
|
CVE-2026-28965
|
2026-05-13 03:46 |
2026-05-12 |
|
|
|
|
1813
|
7.5 |
HIGH
Network
|
apple
|
ipados iphone_os visionos
|
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-28964
|
2026-05-13 03:46 |
2026-05-12 |
|
|
|
|
1814
|
4.4 |
MEDIUM
Local
|
anthropic
|
claude_sdk_for_typescript
|
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-41686
|
2026-05-13 03:37 |
2026-05-5 |
|
|
|
|
1815
|
- |
|
-
|
-
|
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.
On a 3xx response, the redirect handler strips only Host and Cookie before …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-8368
|
2026-05-13 03:17 |
2026-05-13 |
|
|
|
|
1816
|
4.2 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement p…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-43883
|
2026-05-13 03:17 |
2026-05-12 |
|
|
|
|
1817
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the de…
|
CWE-352
Origin Validation Error
|
CVE-2026-43877
|
2026-05-13 03:17 |
2026-05-12 |
|
|
|
|
1818
|
7.3 |
HIGH
Network
|
-
|
-
|
CosyVoice through commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script l…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31249
|
2026-05-13 03:16 |
2026-05-12 |
|
|
|
|
1819
|
7.5 |
HIGH
Network
|
-
|
-
|
docuFORM Managed Print Service Client 11.11c is vulnerable to directory traversal, allowing attackers to read arbitrary files via a crafted URL.
|
CWE-22
Path Traversal
|
CVE-2025-65418
|
2026-05-13 03:16 |
2026-05-12 |
|
|
|
|
1820
|
5.5 |
MEDIUM
Local
|
python
|
pillow
|
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polyg…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42309
|
2026-05-13 02:57 |
2026-05-9 |
|
|
|