|
1121
|
8.1 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS…
|
CWE-20
CWE-116
Improper Input Validation
Improper Encoding or Escaping of Output
|
CVE-2026-28907
|
2026-05-14 23:32 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1122
|
6.5 |
MEDIUM
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processin…
|
CWE-416
Use After Free
|
CVE-2026-28942
|
2026-05-14 23:32 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1123
|
9.9 |
CRITICAL
Network
|
microsoft
|
dynamics_365
|
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
|
CWE-94
Code Injection
|
CVE-2026-42898
|
2026-05-14 23:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1124
|
7.8 |
HIGH
Local
|
microsoft
|
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
|
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-42896
|
2026-05-14 23:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1125
|
7.5 |
HIGH
Network
|
microsoft
|
copilot_chat
|
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
|
CWE-77
Command Injection
|
CVE-2026-33111
|
2026-05-14 23:31 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1126
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti…
|
CWE-77
Command Injection
|
CVE-2026-44871
|
2026-05-14 23:29 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1127
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.…
|
CWE-89
SQL Injection
|
CVE-2026-5486
|
2026-05-14 23:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1128
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.2…
|
CWE-80
Basic XSS
|
CVE-2025-15345
|
2026-05-14 23:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1129
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks…
|
CWE-862
Missing Authorization
|
CVE-2026-3829
|
2026-05-14 23:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1130
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in th…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5361
|
2026-05-14 23:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
