Total CVEs

144,714

Critical Severity

4,191

High Severity

15,264

Last 7 Days

1,966
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 4,141 - 4,160 of 41,119 CVEs
CVE-2026-34597 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution (RCE) vulnerability was discovered in Coolify. The flaw resides in the handling of user-defined build parameters for the Ni...

Vendor: coollabsio
Product: coolify
Published: Jun 29, 2026
Source: NVD
CVE-2026-34594 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitrary ...

Vendor: coollabsio
Product: coolify
Published: Jun 29, 2026
Source: NVD

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp() != 0), which short-circuits on the first differing byte, so its run time depends ...

Vendor: MIK
Product: CryptX
Published: Jun 29, 2026
Source: NVD
CVE-2026-57919 HIGH - 7.8

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trig...

Published: Jun 29, 2026
Source: NVD
CVE-2026-57498 CRITICAL - 9.6

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId($teamId) before any operation. However, multiple Livewire web UI components acce...

Vendor: coollabsio
Product: coolify
Published: Jun 29, 2026
Source: NVD
CVE-2026-56018 HIGH - 7.5

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth. In JsMinify (XS.xs) the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes with...

Vendor: GTERMARS
Product: JavaScript::Minifier::XS
Published: Jun 29, 2026
Source: NVD
CVE-2026-56017 HIGH - 7.5

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString (XS.xs) inspects the previous token's last byte to choose between a regexp literal ...

Vendor: GTERMARS
Product: JavaScript::Minifier::XS
Published: Jun 29, 2026
Source: NVD

Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':to_delta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':default_co...

Vendor: leandrocp
Product: mdex
Published: Jun 29, 2026
Source: NVD

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document{} struct and Comrak's internal AST using two mutually recursive Rust functions, ex_document_to_comrak_ast and comrak_ast_to_ex_docume...

Vendor: leandrocp
Product: mdex, mdex_native
Published: Jun 29, 2026
Source: NVD

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a documen...

Vendor: leandrocp
Product: mdex, mdex_native
Published: Jun 29, 2026
Source: NVD

Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parse_document/2 accepts a {:json, json} source. In lib/mdex.ex, the private json_to_node/1 function passes the attacker-controlled node_type value to Module.concat/1, which calls ...

Vendor: leandrocp
Product: mdex
Published: Jun 29, 2026
Source: NVD
CVE-2026-43746 MEDIUM - 6.5

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43745 MEDIUM - 6.5

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43743 MEDIUM - 4.7

A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination.

Vendor: apple
Product: ipados
Published: Jun 29, 2026
Source: NVD
CVE-2026-43742 MEDIUM - 6.5

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43740 MEDIUM - 6.5

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may result in the disclosure of process memory.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43735 HIGH - 8.1

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43734 MEDIUM - 6.5

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43732 MEDIUM - 6.5

A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD
CVE-2026-43731 HIGH - 8.8

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.

Vendor: apple
Product: safari
Published: Jun 29, 2026
Source: NVD