Export limit exceeded: 350608 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350608 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40435 | 2026-05-13 | 5.3 Medium | ||
| When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-40703 | 2026-05-13 | 5.4 Medium | ||
| A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-65719 | 1 Rohitg00 | 1 Kubectl-mcp-server | 2026-05-13 | 9.8 Critical |
| An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page. | ||||
| CVE-2026-42141 | 1 Xibosignage | 1 Xibo | 2026-05-13 | 7.7 High |
| Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal infrastructure, access local cloud metadata endpoints (e.g., AWS IMDS), interact with internal services that lack authentication, or exfiltrate data. This vulnerability is fixed in 4.4.1. | ||||
| CVE-2026-43991 | 1 Dragonmonk111 | 1 Junoclaw | 2026-05-13 | 8.4 High |
| JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory. Pre-patch, the check was applied to the raw command string rather than the parsed first token. This vulnerability is fixed in 0.x.y-security-1. | ||||
| CVE-2026-43892 | 1 Antsword Project | 1 Antsword | 2026-05-13 | 8.8 High |
| AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16. | ||||
| CVE-2026-31228 | 1 Trusted-ai | 1 Adversarial-robustness-toolbox | 2026-05-13 | 9.8 Critical |
| The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation. | ||||
| CVE-2026-28940 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-05-13 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing a maliciously crafted image may corrupt process memory. | ||||
| CVE-2026-28946 | 1 Apple | 1 Macos | 2026-05-13 | 6.5 Medium |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2026-37430 | 2026-05-13 | N/A | ||
| An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2026-28947 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-05-13 | 8.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2026-28952 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-05-13 | 7.5 High |
| An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination. | ||||
| CVE-2026-28956 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-05-13 | 6.5 Medium |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2026-28967 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-05-13 | 4.9 Medium |
| A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service. | ||||
| CVE-2026-28972 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-05-13 | 6.5 Medium |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2026-28985 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-05-13 | 6.2 Medium |
| A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service. | ||||
| CVE-2026-28991 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-05-13 | 7.5 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service. | ||||
| CVE-2026-28992 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-05-13 | 4.7 Medium |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination. | ||||
| CVE-2026-28993 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-05-13 | 5.5 Medium |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data. | ||||
| CVE-2026-28994 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-05-13 | 5.3 Medium |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets. | ||||