Total: 13565 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-8974 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-26 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | |||||
| CVE-2026-8973 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-26 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||||
| CVE-2026-45495 | 1 Microsoft | 1 Edge Chromium | 2026-05-26 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2026-28955 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-05-22 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-28940 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-05-22 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing a maliciously crafted image may corrupt process memory. | |||||
| CVE-2026-28847 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-05-22 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-8959 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | N/A | 9.6 CRITICAL |
| Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | |||||
| CVE-2026-7668 | | | 2026-05-20 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor recommends to "use the latest v6.x or 7.x MikroTik RouterOS version, the reported issue should be fixed there." | |||||
| CVE-2026-8212 | 1 Osgeo | 1 Gdal | 2026-05-19 | 4.3 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded. | |||||
| CVE-2026-8213 | 1 Osgeo | 1 Gdal | 2026-05-19 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component. | |||||
| CVE-2026-8946 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-19 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | |||||
| CVE-2026-8954 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-19 | N/A | 7.5 HIGH |
| Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | |||||
| CVE-2026-8391 | 1 Mozilla | 1 Firefox | 2026-05-19 | N/A | 5.3 MEDIUM |
| Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. | |||||
| CVE-2026-8388 | 1 Mozilla | 1 Firefox | 2026-05-19 | N/A | 6.5 MEDIUM |
| Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. | |||||
| CVE-2026-8545 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-19 | N/A | 3.1 LOW |
| Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-8556 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-05-19 | N/A | 3.1 LOW |
| Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-8746 | 1 Open5gs | 1 Open5gs | 2026-05-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-8733 | | | 2026-05-18 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor responded to the initial vulnerability report by the researcher with a note that the product is discontinued. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-8764 | | | 2026-05-18 | 8.3 HIGH | 7.2 HIGH |
| A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-8836 | | | 2026-05-18 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be initiated remotely. The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to install a patch to address this issue. | |||||
