|
2491
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
visionos
|
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a malicio…
|
CWE-20
Improper Input Validation
|
CVE-2026-28936
|
2026-05-14 23:01 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2492
|
4.6 |
MEDIUM
Physics
|
apple
|
macos
|
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-28961
|
2026-05-14 23:01 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2493
|
6.2 |
MEDIUM
Local
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 2…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-28977
|
2026-05-14 23:01 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2494
|
5.3 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick…
|
CWE-78
OS Command
|
CVE-2026-44656
|
2026-05-14 22:59 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2495
|
5.3 |
MEDIUM
Network
|
python
|
urllib3
|
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=Fa…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-44431
|
2026-05-14 22:56 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2496
|
4.4 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a cr…
|
CWE-78
OS Command
|
CVE-2026-42307
|
2026-05-14 22:55 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2497
|
5.3 |
MEDIUM
Network
|
redwoodjs
|
redwoodsdk
|
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating…
|
CWE-352
Origin Validation Error
|
CVE-2026-42190
|
2026-05-14 22:54 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2498
|
7.2 |
HIGH
Network
|
claris
|
filemaker_cloud
|
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operat…
|
CWE-94
Code Injection
|
CVE-2026-43680
|
2026-05-14 22:53 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2499
|
7.2 |
HIGH
Network
|
claris
|
filemaker_cloud
|
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External OD…
|
CWE-78
OS Command
|
CVE-2026-43685
|
2026-05-14 22:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2500
|
7.5 |
HIGH
Network
|
python
|
urllib3
|
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-44432
|
2026-05-14 22:49 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
