Summary
- CVEs: 152
- Critical: 12
- High: 43
- KEV: 0
- PoC: 0
- Unpatched Critical/High (C/H): 45
- Patch Rate: 17.8%
- Avg EPSS: 0.1%
Severity Breakdown
- CRITICAL: 12
- HIGH: 43
- MEDIUM: 90
- LOW: 5
Monthly CVE Trend (chart not reproduced in this extract)
Affected Products (30)
- macOS: 390
- iOS: 240
- Memory Corruption: 81
- iPadOS: 78
- iPhone OS: 73
- Windows: 46
- Safari: 36
- Android: 34
- Open Redirect: 32
- IOS XE: 31
- visionOS: 26
- Use After Free: 23
- tvOS: 23
- watchOS: 23
- Command Injection: 19
- Firefox: 17
- Race Condition: 15
- IOS XR: 13
- Null Pointer Dereference: 12
- Python: 9
- Node.js: 8
- Docker: 8
- Integer Overflow: 7
- JWT Attack: 7
- PHP: 7
- Chrome: 7
- Linux Kernel: 7
- Ubuntu: 6
- Virtual Appliance Host: 5
- Virtual Appliance Application: 5
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-28858 | Insufficient bounds checking in Apple iOS and iPadOS 26.4 allows unauthenticated remote attackers to trigger buffer overflow conditions that corrupt kernel memory or cause system crashes without user interaction. This critical vulnerability affects all devices running the affected OS versions and has no available patch. An attacker can exploit this flaw over the network to achieve denial of service or potentially escalate privileges through kernel memory corruption. | CRITICAL | 9.8 | 0.0% | 49 | No patch |
| CVE-2026-33976 | Remote code execution via stored XSS in Notesnook Web Clipper affects all platforms prior to version 3.3.11 (Web/Desktop) and 3.3.17 (Android/iOS). Attackers can inject malicious HTML attributes into clipped web content that execute JavaScript in the application's security context when victims open the clip. On Electron desktop builds, unsafe Node.js integration (`nodeIntegration: true`, `contextIsolation: false`) escalates this XSS to full RCE with system-level access. CVSS 9.6 (Critical) reflects a network-based attack requiring no authentication but user interaction. No public exploit identified at time of analysis, though the attack methodology is detailed in the vendor advisory. | CRITICAL | 9.6 | 0.1% | 48 | No patch |
| CVE-2026-28373 | Stackfield Desktop App before version 1.10.2 for macOS and Windows allows arbitrary file writes to the filesystem through a path traversal vulnerability in its decryption functionality when processing the filePath property. A malicious export file can enable attackers to overwrite critical system or application files, potentially leading to code execution or application compromise without requiring user interaction beyond opening the malicious export. | CRITICAL | 9.6 | 0.0% | 48 | No patch |
| CVE-2026-33439 | Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with `<jato:form>` tags (commonly found in password reset pages) using a PriorityQueue→TemplatesImpl gadget chain with libraries bundled in OpenAM's WAR file. Vendor-released patch available in version 16.0.6 (GitHub commit 014007c). No public exploit code identified at time of analysis, but a detailed technical writeup with gadget chain specifics has been published. | CRITICAL | 9.3 | 0.1% | 47 | |
| CVE-2026-28827 | Improper path validation in macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) allows sandboxed applications to escape their sandbox restrictions through directory path traversal. A local attacker with the ability to run malicious apps can exploit this weakness to execute code outside sandbox boundaries with full system privileges. No patch is currently available for this critical vulnerability. | CRITICAL | 9.3 | 0.0% | 47 | No patch |
| CVE-2026-20688 | Sandbox escape vulnerability in Apple iOS, iPadOS, macOS, and visionOS allows local attackers to break out of application sandboxes through improper path validation, potentially enabling unauthorized access to system resources and data. An attacker with local access could leverage this flaw to execute arbitrary operations outside application boundaries and bypass security restrictions. No patch is currently available for this critical vulnerability affecting multiple Apple platforms. | CRITICAL | 9.3 | 0.0% | 47 | No patch |
| CVE-2026-33322 | JWT algorithm confusion in MinIO's OpenID Connect authentication enables attackers with knowledge of the OIDC ClientSecret to forge identity tokens and obtain S3 credentials with unrestricted IAM policies, including administrative access. Affected users can have their identities impersonated and their data accessed, modified, or deleted with a 100% attack success rate. The vulnerability impacts MinIO deployments across Docker, Apple, and Microsoft platforms, with no patch currently available. | CRITICAL | 9.2 | 0.0% | 46 | No patch |
| CVE-2026-33419 | MinIO AIStor's Security Token Service (STS) AssumeRoleWithLDAPIdentity endpoint contains two combined vulnerabilities that enable LDAP credential brute-forcing: distinguishable error messages allowing username enumeration (CWE-204) and missing rate limiting (CWE-307). All MinIO deployments through the final open-source release with LDAP authentication enabled are affected. Unauthenticated network attackers can enumerate valid LDAP usernames, perform unlimited password guessing attacks, and obtain temporary AWS-style STS credentials granting full access to victim users' S3 buckets and objects. | CRITICAL | 9.1 | 0.1% | 46 | No patch |
| CVE-2026-33066 | SiYuan's Bazaar (community package marketplace) fails to sanitize HTML in package README files during rendering, allowing stored XSS that escalates to remote code execution due to unsafe Electron configuration. An attacker can submit a malicious package with embedded JavaScript in the README that executes with full Node.js access when any user views the package details in the Bazaar. This affects SiYuan versions 3.5.9 and earlier across Windows, macOS, and Linux, with a CVSS score of 9.6 and multiple real-world exploitation vectors including data theft, reverse shells, and persistent backdoors. | CRITICAL | 9.0 | 0.5% | 45 | |
| CVE-2026-33067 | SiYuan's Bazaar marketplace fails to sanitize package metadata (displayName, description) before rendering in the Electron desktop application, allowing stored XSS that escalates to arbitrary remote code execution. Any SiYuan user (versions ≤3.5.9) who browses the Bazaar will automatically execute attacker-controlled code with full OS-level privileges when a malicious package card renders; no installation or user interaction is required. A functional proof-of-concept exists demonstrating command execution via img onerror handlers, and this vulnerability is actively tracked in GitHub's advisory database (GHSA-mvpm-v6q4-m2pf), making it a critical supply-chain risk to the SiYuan user community. | CRITICAL | 9.0 | 0.4% | 45 | |
| CVE-2026-32751 | SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms. | CRITICAL | 9.0 | 0.4% | 45 | No patch |
| CVE-2026-39860 | Local privilege escalation in the Nix package manager daemon (versions prior to 2.34.5/2.33.4/2.32.7/2.31.4/2.30.4/2.29.3/2.28.6) allows unprivileged users to gain root access in multi-user Linux installations. An incomplete fix for CVE-2024-27297 permits symlink attacks during fixed-output derivation registration, enabling arbitrary file overwrites as root. Attackers exploit sandboxed build registration by placing symlinks in temporary output paths, causing the daemon to follow the symlinks and overwrite sensitive system files with controlled content. Affects default configurations where all users can submit builds. No public exploit identified at time of analysis. | CRITICAL | 9.0 | 0.0% | 45 | No patch |
| CVE-2025-43219 | Memory corruption in macOS Sequoia image processing allows remote attackers to achieve arbitrary code execution via maliciously crafted images, requiring user interaction. Affects macOS Sequoia versions prior to 15.6, with CVSS 8.8 (High) severity due to the potential for complete system compromise. EPSS data unavailable; no public exploit identified at time of analysis. Apple addressed the vulnerability through improved memory handling in macOS 15.6 (released June 2025). The attack requires the victim to process a weaponized image file, making social engineering or malicious websites the likely delivery vectors. | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2025-43264 | Memory corruption in macOS Sequoia's image processing subsystem allows unauthenticated remote attackers to potentially execute arbitrary code when a user opens a specially crafted image file. Apple has patched this buffer overflow vulnerability in macOS 15.6. With a CVSS score of 8.8 and requiring only user interaction, this represents a significant attack surface for social engineering campaigns. EPSS data not available, but no public exploit or active exploitation confirmed at time of analysis. The SSVC framework rates this as total technical impact, reinforcing the criticality of applying the vendor patch. | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2026-20631 | A logic flaw in macOS Tahoe allows local users to elevate their privileges; the checks in earlier versions were insufficient and were improved in the fix. This vulnerability affects macOS versions prior to 26.4 and enables privilege escalation from standard user accounts to higher privilege levels. Apple has patched this issue in macOS Tahoe 26.4, and no active exploitation or public proof-of-concept code has been reported. | HIGH | 8.8 | 0.0% | 44 | No patch |