|
2491
|
8.8 |
HIGH
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its san…
|
CWE-284
Improper Access Control
|
CVE-2026-28978
|
2026-05-13 23:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2492
|
7.8 |
HIGH
Local
|
adobe
|
premiere_pro
|
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34636
|
2026-05-13 23:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2493
|
7.8 |
HIGH
Local
|
adobe
|
premiere_pro
|
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34637
|
2026-05-13 23:30 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2494
|
7.8 |
HIGH
Local
|
adobe
|
premiere_pro
|
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this …
|
CWE-416
Use After Free
|
CVE-2026-34638
|
2026-05-13 23:28 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2495
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A r…
|
CWE-843
Type Confusion
|
CVE-2026-28983
|
2026-05-13 23:22 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2496
|
6.5 |
MEDIUM
Network
|
apache
|
apache-airflow-providers-elasticsearch
|
The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the em…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41018
|
2026-05-13 23:22 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2497
|
5.9 |
MEDIUM
Local
|
-
|
-
|
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo…
|
-
|
CVE-2026-6815
|
2026-05-13 23:18 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2498
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.
Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data d…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-6146
|
2026-05-13 23:18 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2499
|
7.3 |
HIGH
Network
|
-
|
-
|
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc…
|
-
|
CVE-2026-5172
|
2026-05-13 23:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2500
|
9.6 |
CRITICAL
Network
|
electerm_project
|
electerm
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links…
|
CWE-20
CWE-94
CWE-829
Improper Input Validation
Code Injection
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43944
|
2026-05-13 23:17 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
