Total CVEs

144,278

Critical Severity

4,164

High Severity

14,985

Last 7 Days

1,648
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,741 - 3,760 of 40,683 CVEs
CVE-2026-43706 MEDIUM - 6.5

A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vendor: apple
Product: ipados
Published: Jun 29, 2026
Source: NVD
CVE-2026-43705 HIGH - 8.8

A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43704 MEDIUM - 5.3

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43703 MEDIUM - 6.5

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vendor: apple
Product: ipados
Published: Jun 29, 2026
Source: NVD
CVE-2026-43701 HIGH - 7.1

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43700 MEDIUM - 6.5

A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43699 MEDIUM - 6.5

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43676 MEDIUM - 6.5

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43663 MEDIUM - 6.5

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-39872 MEDIUM - 6.5

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-39868 CRITICAL - 9.1

This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or corrupt kernel memory.

Vendor: apple
Product: ipados
Published: Jun 29, 2026
Source: NVD
CVE-2026-37637 CRITICAL - 9.1

An issue in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component

Published: Jun 29, 2026
Source: NVD
CVE-2026-31016 MEDIUM - 6.5

Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via the IdentityServer account profile endpoint

Published: Jun 29, 2026
Source: NVD
CVE-2026-28979 MEDIUM - 6.5

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-13763 CRITICAL - 9.8

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue ...

Vendor: AWS
Product: AWS Application Load Balancer
Published: Jun 29, 2026
Source: NVD
CVE-2026-13762 CRITICAL - 9.8

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was remed...

Vendor: AWS
Product: Amazon CloudFront
Published: Jun 29, 2026
Source: NVD
CVE-2026-13593 MEDIUM - 6.5

CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace.

Vendor: GTERMARS
Product: CSS::Minifier::XS
Published: Jun 29, 2026
Source: NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-57700. Reason: This candidate is a reservation duplicate of CVE-2026-57700. Notes: All CVE users should reference CVE-2026-57700 instead of this candidate. All references and descriptions in this candidate have been...

Published: Jun 29, 2026
Source: NVD
CVE-2026-58000 HIGH - 8.8

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the cl_meta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration ac...

Vendor: openwrt
Product: luci-proto-openvpn
Published: Jun 29, 2026
Source: NVD
CVE-2026-57999 HIGH - 8.8

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserver_authkey parameters are improperly quoted wi...

Vendor: openwrt
Product: luci-app-tailscale-community
Published: Jun 29, 2026
Source: NVD