|
1961
|
4.3 |
MEDIUM
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-28901
|
2026-05-14 06:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1962
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processin…
|
CWE-416
Use After Free
|
CVE-2026-28883
|
2026-05-14 06:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1963
|
5.3 |
MEDIUM
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties ob…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44292
|
2026-05-14 05:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1964
|
8.8 |
HIGH
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived f…
|
CWE-94
Code Injection
|
CVE-2026-44293
|
2026-05-14 05:56 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1965
|
5.3 |
MEDIUM
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Cer…
|
CWE-20
Improper Input Validation
|
CVE-2026-44294
|
2026-05-14 05:55 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1966
|
8.8 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-33110
|
2026-05-14 05:53 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1967
|
8.8 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-33112
|
2026-05-14 05:53 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1968
|
8.8 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-35439
|
2026-05-14 05:53 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1969
|
8.8 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-40365
|
2026-05-14 05:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1970
|
8.0 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40368
|
2026-05-14 05:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
