Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,863
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 9,821 - 9,840 of 37,677 CVEs
CVE-2026-42015 MEDIUM - 5.3

A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of s...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4
Published: May 26, 2026
Source: NVD
CVE-2026-42013 HIGH - 8.2

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4
Published: May 26, 2026
Source: NVD
CVE-2026-42012 HIGH - 7.1

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4
Published: May 26, 2026
Source: NVD
CVE-2025-46307 MEDIUM - 5.5

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

Vendor: Apple
Product: macOS
Published: May 26, 2026
Source: NVD
CVE-2025-46284 HIGH - 7.0

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges.

Vendor: Apple
Product: macOS
Published: May 26, 2026
Source: NVD
CVE-2025-46280 MEDIUM - 5.5

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.

Vendor: Apple
Product: macOS
Published: May 26, 2026
Source: NVD
CVE-2025-43451 MEDIUM - 5.5

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

Vendor: Apple
Product: macOS
Published: May 26, 2026
Source: NVD
CVE-2025-43306 HIGH - 7.8

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.

Vendor: Apple
Product: macOS
Published: May 26, 2026
Source: NVD
CVE-2025-43290 MEDIUM - 5.5

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.

Vendor: Apple
Product: macOS
Published: May 26, 2026
Source: NVD
CVE-2025-43289 MEDIUM - 5.5

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data.

Vendor: Apple
Product: macOS
Published: May 26, 2026
Source: NVD
CVE-2026-9642 CRITICAL - 9.8

There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access) An unauthenticated remote attacker can access configured databases in a DIAView project.

Vendor: deltaww
Product: diaview
Published: May 26, 2026
Source: NVD
CVE-2026-9583 MEDIUM - 4.3

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be per...

Published: May 26, 2026
Source: NVD
CVE-2026-9582 MEDIUM - 4.3

A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been released to ...

Published: May 26, 2026
Source: NVD
CVE-2026-9581 MEDIUM - 6.3

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 3.9.2...

Published: May 26, 2026
Source: NVD
CVE-2026-9580 HIGH - 7.3

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may ...

Published: May 26, 2026
Source: NVD
CVE-2026-9579 MEDIUM - 6.3

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit has...

Published: May 26, 2026
Source: NVD
CVE-2026-8676 HIGH - 8.8

An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.

Published: May 26, 2026
Source: NVD

Uncontrolled Resource Consumption vulnerability in oban-bg oban_web ('Elixir.Oban.Web.CronExpr' modules) allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 * *"...

Vendor: oban-bg
Product: oban_web
Published: May 26, 2026
Source: NVD

Missing Authorization vulnerability in oban-bg oban_web ('Elixir.Oban.Web.Jobs.DetailComponent' modules) allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization c...

Vendor: oban-bg
Product: oban_web
Published: May 26, 2026
Source: NVD
CVE-2026-47672 MEDIUM - 6.5

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment (e.g....

Vendor: oviva-ag
Product: epa4all-client
Published: May 26, 2026
Source: NVD