Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 8,481 - 8,500 of 13,821 CVEs
CVE-2026-4766 MEDIUM - 6.4

The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes it ...

Published: Mar 25, 2026
Source: NVD
CVE-2026-4783 MEDIUM - 6.3

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument course_code leads to sql injection. It is possible to initi...

Published: Mar 25, 2026
Source: NVD
CVE-2026-28895 MEDIUM - 4.6

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.

Vendor: Apple
Product: iOS and iPadOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28892 MEDIUM - 5.5

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.

Vendor: Apple
Product: macOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28890 MEDIUM - 5.5

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.

Vendor: Apple
Product: Xcode
Published: Mar 25, 2026
Source: NVD
CVE-2026-28889 MEDIUM - 6.2

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.

Vendor: Apple
Product: Xcode
Published: Mar 25, 2026
Source: NVD
CVE-2026-28888 MEDIUM - 5.1

A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain root privileges.

Vendor: Apple
Product: macOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28886 MEDIUM - 5.9

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be ...

Vendor: Apple
Product: iOS and iPadOS, macOS, tvOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28882 MEDIUM - 4.0

This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.

Vendor: Apple
Product: iOS and iPadOS, macOS, tvOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28881 MEDIUM - 5.5

A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

Vendor: Apple
Product: macOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28880 MEDIUM - 6.5

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.

Vendor: Apple
Product: iOS and iPadOS, macOS, visionOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28879 MEDIUM - 6.5

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may lea...

Vendor: Apple
Product: iOS and iPadOS, macOS, tvOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28878 MEDIUM - 6.5

A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.

Vendor: Apple
Product: iOS and iPadOS, macOS, tvOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28877 MEDIUM - 5.5

An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.

Vendor: Apple
Product: iOS and iPadOS, macOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28871 MEDIUM - 4.3

A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.

Vendor: Apple
Product: Safari, iOS and iPadOS, macOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28870 MEDIUM - 5.5

An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.

Vendor: Apple
Product: iOS and iPadOS, macOS, tvOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28868 MEDIUM - 5.5

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to disclose kernel memory.

Vendor: Apple
Product: iOS and iPadOS, macOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28867 MEDIUM - 6.2

This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.

Vendor: Apple
Product: iOS and iPadOS, macOS, tvOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28866 MEDIUM - 6.2

This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.

Vendor: Apple
Product: iOS and iPadOS, macOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-28863 MEDIUM - 6.5

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.

Vendor: Apple
Product: iOS and iPadOS, tvOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD