Skip to main content
CVE-2026-7656 MEDIUM POC PATCH This Month

Forged IPv6 Neighbor Discovery acceptance in the Zephyr RTOS network stack (all releases through v4.4.0) lets an adjacent on-link attacker inject spoofed Router Advertisement, Neighbor Solicitation, and Neighbor Advertisement messages because an operator-precedence bug in subsys/net/ip/ipv6_nbr.c silently skips every RFC 4861 sanity check whenever the (always-present) ICMPv6 code is 0. Because the bypassed checks include the Hop-Limit==255 on-link proof, even off-link/remote attackers may have forged ND packets accepted, enabling default-router/DNS/SLAAC hijacking and neighbor-cache poisoning for man-in-the-middle, redirection, and denial of service. A vendor patch exists (commit 095f064c) but there is no public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2026-50229 MEDIUM POC PATCH This Month

Reflected XSS in Apache Tomcat's bundled 'number guess' example application exposes users of that demo page to script injection across all major Tomcat release lines from 7.0 through 11.0. The flaw resides in a sample JSP/servlet, not the core Tomcat runtime, meaning exploitation depends entirely on the example application being deployed and accessible - a configuration that violates standard production hardening guidance. No public exploit code or active exploitation has been identified at time of analysis; no CVSS vector was assigned by the reporter.

XSS Tomcat Apache Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-13528 MEDIUM POC PATCH This Month

Path traversal in the ruoyi-vue-pro file upload endpoint exposes unauthenticated remote attackers to arbitrary file read and write operations via the `generateUploadPath` function in `FileServiceImpl.java`. All versions up to 2026.04-jdk8-SNAPSHOT are confirmed affected across both the YunaiV (GitHub) and zhijiantianya (Gitee) vendor distributions. Publicly available exploit code exists via GitHub issue #1146; no CISA KEV listing is present, but the unauthenticated network vector combined with a public proof-of-concept materially elevates operational risk above the CVSS 4.0 base score of 6.9 alone.

Java Path Traversal File Upload Ruoyi Vue Pro
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-13546 MEDIUM POC This Month

Unauthenticated access to the /api/articles REST API endpoint in Feehi CMS up to version 2.1.1 exposes article management functions without any credential verification, allowing remote attackers to interact with CMS content at low complexity and zero privilege. A publicly available proof-of-concept exploit exists via a GitHub issue report. The vendor has not responded to the disclosure, leaving installations without an official patch; no KEV listing indicates no confirmed mass exploitation at time of analysis, but the no-authentication network vector makes this trivially accessible to any internet-facing attacker.

Authentication Bypass Cms
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-13592 MEDIUM POC This Month

Out-of-bounds write in CIPster's EtherNet/IP Message Handler exposes industrial automation devices to remote memory corruption through the BufWriter::append function. Unauthenticated remote attackers reachable on the EtherNet/IP network can send crafted protocol messages to corrupt adjacent memory, with potential for service disruption or, with further research, arbitrary code execution on embedded OT devices. A public proof-of-concept exploit (poc.zip) has been released, materially increasing risk for OT/ICS operators running this open-source CIP stack despite the moderate CVSS 4.0 score of 5.5.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-13533 MEDIUM POC This Month

Unauthenticated remote file and directory exposure in agentejo Cockpit CMS 0.12.2 and earlier allows attackers to access files outside the web root via path traversal through the htaccess Handler's YAML configuration loader. The root cause is CWE-552 (Files or Directories Accessible to External Parties), triggered by unsafe processing of /config/config.yaml via the Spyc::YAMLLoad function, which can expose sensitive configuration data including credentials or internal path structures. A public exploit proof-of-concept exists on GitHub; no vendor patch has been issued, as the vendor did not respond to coordinated disclosure.

Path Traversal Information Disclosure Cockpit Cms
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-13547 MEDIUM POC This Month

Unrestricted file upload in Hanwang e-Face General Management Platform 6.3.5.4 exposes unauthenticated remote attackers to arbitrary file upload via the /manage/resourceUpload/upload.do endpoint, with no input validation on file type or content per CWE-434. The CVSS 4.0 vector (PR:N, AC:L, AT:N) confirms the endpoint requires no authentication and is reachable over the network without special conditions. A publicly available proof-of-concept exploit has been disclosed via a Feishu wiki document, meaning exploitation tooling is accessible to low-skilled actors; this CVE is not yet listed in the CISA KEV catalog at time of analysis.

File Upload E Face General Management Platform
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-13521 MEDIUM POC This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to manipulate database queries via the `course_year_section` parameter in /preview5.php. The input is passed directly into SQL queries without sanitization (CWE-89), enabling data extraction, modification, or availability disruption. A public proof-of-concept exploit is available on GitHub, and no patch has been identified at time of analysis.

SQLi PHP Class And Exam Timetabling System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-13566 MEDIUM POC This Month

Unauthenticated SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes backend database contents via the `course_year_section` parameter in `/preview3.php`. The CVSS 4.0 vector confirms network-accessible, no-authentication, no-interaction exploitation (AV:N/AC:L/PR:N/UI:N), and exploit code is publicly available (E:P on GitHub). No active exploitation is confirmed in CISA KEV, but the public POC lowers the bar for opportunistic attacks against any publicly exposed instance.

SQLi PHP Class And Exam Timetabling System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-13551 MEDIUM POC This Month

SQL injection in itsourcecode Baptism Information Management System 1.0 exposes database contents to remote unauthenticated attackers via the ID parameter in /editBaptism.php. A publicly available proof-of-concept exploit exists on GitHub, enabling data exfiltration or modification without any credentials or user interaction. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/E:P) confirms low-complexity remote exploitation with no special conditions required, and no vendor-released patch has been identified.

SQLi PHP Baptism Information Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-13550 MEDIUM POC This Month

SQL injection in itsourcecode Baptism Information Management System 1.0 exposes the `/delbaptism.php` endpoint to remote database manipulation via an unsanitized `ID` parameter. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms this requires no authentication or user interaction against any network-accessible instance. A public proof-of-concept exploit exists on GitHub, making this immediately weaponizable against any exposed deployment, though the application is not listed in CISA KEV and its niche footprint substantially limits aggregate exposure.

SQLi PHP Baptism Information Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-13527 MEDIUM POC This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes the `/preview4.php` endpoint to unauthenticated remote attackers via the `course_year_section` parameter. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-prerequisite network exploitation against default deployments, with low-level impact across confidentiality, integrity, and availability of the backend database. No public exploit identified at time of analysis is incorrect here - a public proof-of-concept has been disclosed on GitHub (E:P maturity confirmed), meaningfully lowering the barrier for opportunistic and automated attacks against academic institutions running this software.

SQLi PHP Class And Exam Timetabling System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-13526 MEDIUM POC This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes the `/edit_class.php` endpoint to unauthenticated remote database manipulation via the unsanitized `ID` parameter. Per the CVSS 4.0 vector (PR:N, UI:N, AC:L), no authentication or user interaction is required to initiate the attack, and a public proof-of-concept exploit is available on GitHub. No vendor patch has been identified at time of analysis, leaving deployments with no vendor-sanctioned remediation path.

SQLi PHP Class And Exam Timetabling System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-13571 MEDIUM POC This Month

Price parameter manipulation in SourceCodester Simple Food Ordering System 1.0 allows unauthenticated remote attackers to submit orders at arbitrary prices by modifying the item_price argument in POST requests to /cart.php. The server trusts client-supplied price data without server-side validation, enabling business logic bypass (CWE-840) that could result in financial loss for system operators. A public proof-of-concept exploit is available on GitHub; however, this vulnerability is not currently listed in the CISA KEV catalog.

Information Disclosure PHP Simple Food Ordering System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-13565 MEDIUM POC This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes database contents through the unsanitized ID parameter in /edit_class1.php, exploitable by unauthenticated remote attackers. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no prerequisites are required and the attack is fully remote with no user interaction. A public proof-of-concept has been disclosed on GitHub, lowering the exploitation barrier; the product is not currently listed in the CISA KEV catalog.

SQLi PHP Class And Exam Timetabling System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-9676 MEDIUM POC PATCH This Month

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts.

WordPress CSRF F4 Post Tree
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-56781 MEDIUM PATCH This Month

Hidden field data disclosure in Teable before 2026-06-15T04-43-24Z.1912 allows unauthenticated remote attackers to bypass share view field visibility restrictions by supplying arbitrary field IDs in the API projection parameter. The share view records endpoint fails to enforce server-side field visibility policy, permitting any caller with access to a public share URL to read field values the table owner explicitly marked as hidden. No public exploit code has been identified at time of analysis, but the attack is trivially repeatable - field IDs are enumerable from unauthenticated share metadata, requiring no special tools or privileges beyond network access.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-9267 MEDIUM This Month

Out-of-bounds read in Eclipse tinydtls prior to commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 allows unauthenticated network attackers to crash memory-constrained IoT devices by sending a specially crafted Certificate handshake message during DTLS epoch 0. The vulnerable check_server_certificate() function omits buffer length validation before uint24 reads, memcmp, and memcpy operations, enabling reads beyond valid buffer boundaries on both client and server code paths. No public exploit code or active exploitation has been identified at time of analysis; however, the unauthenticated, network-reachable nature makes this straightforward to trigger against any exposed tinydtls endpoint.

Denial Of Service Buffer Overflow Information Disclosure Eclipse Tinydtls
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-54888 MEDIUM PATCH This Month

Stack exhaustion in the mdex and mdex_native Elixir Markdown libraries causes entire-node denial of service when processing attacker-controlled deeply nested Markdown. Two mutually recursive Rust NIF functions, ex_document_to_comrak_ast and comrak_ast_to_ex_document in document.rs, traverse the Comrak AST without enforcing a maximum nesting depth; a document with thousands of nested block quotes drives unbounded recursion that overflows the native C stack. Because the resulting SIGSEGV is raised inside a NIF, the Erlang runtime cannot catch it - the OS process hosting the BEAM terminates, killing every Elixir and Erlang process on the node. No public exploit has been identified at time of analysis, but the attack requires only crafted Markdown input with no authentication.

Denial Of Service Mdex Mdex Native
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-41992 MEDIUM PATCH This Month

Out-of-bounds read in GNU gzip's LZH decompression logic allows an unprivileged local attacker to disclose memory contents by supplying two specially crafted archives - an LZW file followed by an LZH file - in a single gzip -d invocation. The shared global decompression array, never reinitialized between files in the same process invocation, is poisoned by the LZW pass and subsequently causes the LZH decoder to read past the end of the allocated buffer, yielding high confidentiality impact per the CVSS 4.0 vector (VC:H). No public exploit or CISA KEV listing has been identified at time of analysis; the fix exists as an upstream source commit only, with no confirmed packaged release.

Buffer Overflow Gzip
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-53429 MEDIUM PATCH This Month

Native Rust heap exhaustion in leandrocp mdex and mdex_native allows any attacker who can supply document content to MDEx.to_html/1 to crash the BEAM Erlang/Elixir node through unbounded memory accumulation. The Rust NIF permanently leaks memory by calling Box::leak on every escaped-tag literal string during document rendering, with no size cap or rate limit - leakage compounds across repeated renders proportional to literal_size multiplied by node_count, and the BEAM VM can never reclaim native allocations once surrendered this way. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; vendor-released patches are available in mdex 0.12.3 and mdex_native 0.2.3.

Denial Of Service Mdex Mdex Native
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-53428 MEDIUM PATCH This Month

Unbounded memory allocation in the MDEx Elixir Markdown rendering library allows a remote unauthenticated attacker to exhaust host memory and crash the BEAM virtual machine by submitting a single crafted fenced code block with an oversized highlight_lines range. Any application that renders user-supplied Markdown through MDEx.to_html/2 - such as a comment box, chat message, or wiki page - is exposed; a payload differing by only a few bytes can force hundreds of megabytes to gigabytes of allocation. No public exploit has been identified at time of analysis, though the attack payload is trivially constructable directly from the public advisory, and patched versions 0.12.3 (mdex) and 0.2.3 (mdex_native) are available.

Denial Of Service Mdex Mdex Native
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-57942 MEDIUM This Month

IP spoofing in LibreTranslate through 1.9.7 allows unauthenticated remote attackers to bypass per-IP rate limiting and flood bans by injecting arbitrary values into the X-Forwarded-For HTTP header. The get_remote_address() function accepts client-supplied header values without validating that the request originated from a trusted proxy, enabling any attacker to present a rotating set of forged IP addresses and evade API abuse controls entirely. No public exploit code has been identified at time of analysis, but the technique requires no authentication and trivially low technical skill given the well-known nature of X-Forwarded-For abuse.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-12616 MEDIUM This Month

Log injection in Eclipse CSI PIA's unauthenticated /v1/upload/sbom endpoint allows a remote attacker to plant forged authentication-success log entries that are byte-for-byte indistinguishable from genuine PIA audit events. PIA is an authentication broker whose logs are explicitly designated as the authoritative source for incident response (DESIGN.md §5.4), meaning the forgery directly subverts the audit trail the service exists to produce. No public exploit has been identified at time of analysis, but the attack requires no authentication and minimal technical sophistication.

Information Disclosure Eclipse Csi Pia
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-9105 MEDIUM PATCH This Month

Stack-based buffer overflow in the TP-Link TL-WR841N v14 web management interface allows an authenticated attacker on the same local network segment to crash the embedded web server via crafted HTTP requests, forcing the device to automatically reboot. The impact is limited exclusively to availability - no confidentiality or integrity exposure has been identified. No public exploit code or CISA KEV listing exists at time of analysis; the constrained attack prerequisites (adjacent network, administrative credentials) significantly bound real-world risk.

TP-Link Buffer Overflow Stack Overflow Tl Wr841M V14
NVD VulDB
CVSS 4.0
6.8
EPSS
0.3%
CVE-2025-7386 MEDIUM This Month

Credential exposure in Hitachi Storage Navigator allows authenticated storage administrators to extract insufficiently protected credentials through the network-accessible management interface, potentially enabling lateral movement to systems outside the storage platform's authorization boundary. Affected platforms span the Hitachi VSP 5000-series and G/F/VX-series enterprise storage arrays running pre-patch firmware versions on both the DKCMAIN and SVP components. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the CVSS Scope:Changed metric indicates that exposed credentials could be leveraged against systems well beyond Storage Navigator itself.

Information Disclosure Hitachi Virtual Storage Platform 5100 5200 5500 5600 5100H 5200H 5500H 5600H Vx8 Hitachi Virtual Storage Platform G1000 G1500 F1500 Vx7
NVD VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2026-43716 MEDIUM PATCH This Month

Memory corruption (CWE-119) in Apple Safari's web content processing engine causes an unexpected application crash when rendering maliciously crafted web content. Affected across Safari, iOS 26, iPadOS 26, and macOS Tahoe - all versions prior to 26.5.2. An unauthenticated remote attacker can trigger a denial-of-service against any user who visits a hostile page, though no code execution is indicated by current data. No public exploit code and no CISA KEV listing are identified at time of analysis; exploitation probability (EPSS) was not provided in source data.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-43745 MEDIUM PATCH This Month

Safari's web content processing engine on iOS, iPadOS, and macOS Tahoe contains an out-of-bounds write (CWE-787) that causes an unexpected crash when rendering maliciously crafted web content. All Safari versions prior to 26.5.2 - and the underlying WebKit engine shipping with iOS/iPadOS and macOS Tahoe prior to 26.5.2 - are affected. Apple has released patched versions across all three platforms; no public exploit code or CISA KEV listing has been identified at time of analysis, and available impact is limited to a denial-of-service crash with no confirmed code execution path.

Memory Corruption Apple Buffer Overflow Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-43720 MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content rendering engine causes a denial-of-service crash on Apple platforms running Safari, iOS/iPadOS, and macOS Tahoe prior to version 26.5.2. An attacker who can lure a victim to visit a maliciously crafted webpage can reliably crash the Safari browser, with no code execution or data exfiltration indicated by the available CVSS impact scores (C:N/I:N). No public exploit code and no CISA KEV listing have been identified at time of analysis, placing this in the category of a significant but non-critical browser crash vulnerability.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-43718 MEDIUM PATCH This Month

Stack-based buffer overflow in Apple Safari's web content processing engine causes an unexpected application crash across Safari, iOS/iPadOS, and macOS Tahoe platforms. All versions prior to 26.5.2 are affected; an attacker can trigger the overflow by luring a victim to a maliciously crafted web page, resulting in a denial-of-service through a Safari crash. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, keeping real-world risk moderate despite the broad install base.

Buffer Overflow Apple Stack Overflow Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-57341 MEDIUM This Month

Unauthenticated IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce (versions ≤ 2.9.0) exposes shipping-related backend objects to manipulation by remote, unauthenticated attackers. Missing server-side authorization on object lookups allows adversaries to reference records belonging to other users, producing low integrity and availability impacts on WooCommerce shipping data with no confidentiality breach. No public exploit code or active exploitation has been identified at time of analysis, and no patched version number was independently confirmed in the available intelligence.

Authentication Bypass WordPress Colissimo Officiel
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-43676 MEDIUM PATCH This Month

Out-of-bounds read in Safari's web content processing engine causes an unexpected application crash when rendering maliciously crafted web content. Affected are Safari prior to 26.5.2, iOS and iPadOS prior to 26.5.2, and macOS Tahoe prior to 26.5.2. An unauthenticated remote attacker (per PR:N/AV:N in the CVSS vector) can trigger a denial-of-service condition by enticing a user to visit a crafted page; no public exploit or CISA KEV listing has been identified at time of analysis.

Apple Buffer Overflow Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-43742 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit rendering engine causes unexpected process crashes when processing maliciously crafted web content across Safari, iOS/iPadOS, and macOS Tahoe. All three platform variants prior to the 26.5.2 release train are affected, covering a substantial portion of Apple's consumer and enterprise device fleet. An unauthenticated remote attacker can trigger a denial-of-service condition by enticing a victim to visit a specially crafted webpage; no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-13437 MEDIUM This Month

Devolutions PowerShell Universal 2026.2.0 leaks serialized App Tokens in plaintext within AI Agent job API responses, enabling authenticated privilege escalation through token theft and replay. An authenticated user holding only AI Agent read access - a lower-privileged role - can extract reusable App Tokens that may carry significantly higher privileges than their own account, effectively bypassing the intended access control boundary. No public exploit code exists and CISA has not listed this in KEV, but the CVSS C:H rating reflects that successful exploitation yields credentials reusable across the platform.

Information Disclosure Powershell Universal
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43732 MEDIUM PATCH This Month

Path traversal (CWE-22) in Apple's WebKit-based browser engine exposes sensitive user information when processing maliciously crafted web content in Safari, iOS, iPadOS, and macOS Tahoe prior to version 26.5.2. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms that an unauthenticated remote attacker needs only to induce a user to visit a malicious page, with no authentication or elevated privileges required. Apple has released fixes across all three platforms; no public exploit or CISA KEV listing has been identified at time of analysis.

Apple Path Traversal Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-28979 MEDIUM PATCH This Month

Out-of-bounds read in Apple's WebKit rendering engine crashes the browser process when parsing maliciously crafted web content, affecting Safari, iOS, iPadOS, and macOS Tahoe prior to version 26.5.2. The vulnerability requires only that a user visit or be redirected to an attacker-controlled page, making it trivially deliverable via phishing or malicious advertising. Impact is limited to a denial-of-service process crash per vendor disclosure; no public exploit or CISA KEV listing has been identified at time of analysis.

Apple Buffer Overflow Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43709 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit engine causes unexpected process crashes when processing maliciously crafted web content. Affected platforms include Safari, iOS 26, iPadOS 26, and macOS Tahoe - all versions prior to 26.5.2. An unauthenticated remote attacker can trigger a denial-of-service condition by luring a user to a malicious web page; no public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43699 MEDIUM PATCH This Month

Use-after-free memory corruption in WebKit's web content processing causes unexpected process crashes across Safari, iOS, and iPadOS on all versions prior to 26.5.2. An unauthenticated remote attacker who can lure a user to visit a maliciously crafted web page can trigger this condition, resulting in a denial-of-service via browser process termination. No public exploit code has been identified at time of analysis and the vulnerability is absent from CISA KEV, though the use-after-free class in WebKit has historically been chained with other primitives to escalate impact.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43734 MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content processing engine causes an unexpected process crash when rendering maliciously crafted web pages. Affected products include Safari, iOS and iPadOS, and macOS Tahoe, all prior to version 26.5.2. No public exploit code has been identified at time of analysis and this vulnerability is not listed in CISA KEV, though the low attack complexity and no-privileges-required vector make user-targeted delivery straightforward.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-13593 MEDIUM PATCH This Month

CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace.

Information Disclosure Css Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-57335 MEDIUM This Month

Broken access control in the Ads by WPQuads WordPress plugin (versions <= 3.0.3) allows authenticated subscribers to perform privileged administrative actions they are explicitly unauthorized to execute. The flaw, classified under CWE-862 (Missing Authorization), results in high integrity impact with no confidentiality or availability effect, per the CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N vector. No active exploitation has been identified in CISA KEV at time of analysis, though the low attack complexity and widely deployed WordPress ecosystem make this a realistic risk for any site with open subscriber registration.

Authentication Bypass Ads By Wpquads
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43703 MEDIUM PATCH This Month

Out-of-bounds read in Apple's web content processing engine crashes the rendering process across iOS, iPadOS, and macOS Tahoe when a user visits or opens maliciously crafted web content. All iOS and iPadOS versions prior to 26.5.2 and macOS Tahoe versions prior to 26.5.2 are affected per EUVD-2026-40185 and Apple's own advisories. No active exploitation is confirmed in CISA KEV and no public exploit code has been identified; however, the zero-privilege, low-complexity attack path makes denial-of-service accessible to any attacker who can deliver a malicious web page to a victim.

Apple Buffer Overflow Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-57329 MEDIUM This Month

Stored Cross-Site Scripting in WooCommerce Designer Pro (WordPress plugin) versions 1.9.34 and earlier allows authenticated subscribers to inject malicious scripts that execute in the browsers of other users, including administrators. The scope change (S:C in CVSS) indicates injected payloads can cross privilege boundaries, enabling session hijacking, credential theft, or unauthorized administrative actions. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the subscriber-level entry point lowers the bar for exploitation on any site permitting account registration.

WordPress XSS Woocommerce Designer Pro
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43740 MEDIUM PATCH This Month

Safari, iOS/iPadOS, and macOS Tahoe expose process memory when the browser engine processes maliciously crafted web content, rooted in a CWE-119 improper memory buffer restriction (tagged Buffer Overflow). The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H) indicates a network-reachable, low-complexity attack requiring only that the victim visit or render attacker-controlled content, resulting in high confidentiality impact through memory leakage. No active exploitation has been confirmed in CISA KEV and no public proof-of-concept has been identified at the time of analysis; Apple has released patched versions (26.5.2) across all affected platforms.

Apple Buffer Overflow Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43712 MEDIUM PATCH This Month

Out-of-bounds read in Apple's web content processing engine (WebKit) causes a browser process crash when a user visits a maliciously crafted webpage, affecting Safari, iOS/iPadOS, and macOS Tahoe. All versions prior to the 26.5.2 releases across those platforms are affected, making this a broad-surface denial-of-service vulnerability against Apple's default browser ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the low attack complexity and zero-authentication requirement lower the bar for opportunistic abuse once a malicious page is visited.

Apple Buffer Overflow Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43746 MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content processing causes an unexpected application crash across Apple platforms. Affected are Safari, iOS, iPadOS, and macOS Tahoe prior to version 26.5.2; exploitation requires only that a user visits or loads maliciously crafted web content, making drive-by delivery via a malicious webpage the primary vector. Impact is confined to availability - a forced Safari crash (denial of service) - with no confirmed confidentiality or integrity consequences. No public exploit code or active exploitation has been identified at time of analysis.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43727 MEDIUM PATCH This Month

Use-after-free in Safari's web content processing engine causes denial of service across Apple platforms, affecting Safari, iOS/iPadOS, and macOS prior to the 26.5.2 release line. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) confirms remote, unauthenticated triggering requiring only that a user visit attacker-controlled web content, with impact limited to availability - specifically an unexpected Safari crash. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-39872 MEDIUM PATCH This Month

Processing maliciously crafted web content in Apple Safari, iOS/iPadOS, and macOS Tahoe (all versions prior to 26.5.2) triggers an improper memory handling flaw (CWE-119 buffer overflow) in the web content processing pipeline, resulting in an unexpected process crash. The attack vector is network-based requiring user interaction (UI:R per CVSS), and impact is confined to availability - no confidentiality or integrity compromise is described. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43663 MEDIUM PATCH This Month

Memory corruption in Apple's WebKit-based web content processing allows an unauthenticated remote attacker to crash the affected process by luring a user to visit a maliciously crafted webpage. Affected platforms include Safari, iOS, iPadOS, and macOS Tahoe, all prior to version 26.5.2. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog; impact is limited to availability (process crash) with no confirmed confidentiality or integrity exposure.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43717 MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content rendering engine causes an unexpected application crash when processing maliciously crafted web content. Affected are Apple Safari, iOS and iPadOS, and macOS Tahoe - all prior to version 26.5.2. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) confirms that a remote unauthenticated attacker can trigger this condition simply by luring a user to visit a hostile page, with impact limited to availability (process crash/DoS). No public exploit code identified and not listed in CISA KEV at time of analysis; vendor-released patches are available.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy