Total: 4146 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-30452 | 1 Textpattern | 1 Textpattern | 2026-05-13 | N/A | 6.5 MEDIUM |
| Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in textpattern/include/txp_article.php, an attacker can bypass authorization checks and overwrite content belonging to other users. | |||||
| CVE-2026-42569 | | | 2026-05-13 | N/A | 9.4 CRITICAL |
| phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6. | |||||
| CVE-2026-28988 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-05-13 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2026-28922 | 1 Apple | 1 Macos | 2026-05-13 | N/A | 6.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information. | |||||
| CVE-2026-28957 | 1 Apple | 3 Ipados, Iphone Os, Visionos | 2026-05-13 | N/A | 3.3 LOW |
| An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen. | |||||
| CVE-2026-28978 | 1 Apple | 1 Macos | 2026-05-13 | N/A | 8.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox. | |||||
| CVE-2026-28993 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-05-13 | N/A | 5.5 MEDIUM |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data. | |||||
| CVE-2026-28910 | 1 Apple | 1 Macos | 2026-05-13 | N/A | 3.3 LOW |
| This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files. | |||||
| CVE-2016-4031 | 1 Samsung | 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more | 2026-05-13 | 4.6 MEDIUM | 6.8 MEDIUM |
| Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301. | |||||
| CVE-2016-9816 | 1 Xen | 1 Xen | 2026-05-13 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | |||||
| CVE-2016-10237 | 1 Google | 1 Android | 2026-05-13 | 9.3 HIGH | 7.8 HIGH |
| If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory. | |||||
| CVE-2016-3020 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more | 2026-05-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content. | |||||
| CVE-2016-8032 | 1 Mcafee | 1 Anti-malware Scan Engine | 2026-05-13 | 4.4 MEDIUM | 7.3 HIGH |
| Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | |||||
| CVE-2015-2687 | 1 Openstack | 1 Compute | 2026-05-13 | 1.9 LOW | 4.7 MEDIUM |
| OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. | |||||
| CVE-2015-3840 | 1 Google | 1 Android | 2026-05-13 | 2.1 LOW | 5.5 MEDIUM |
| The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. | |||||
| CVE-2016-6807 | 1 Apache | 1 Ambari | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process. | |||||
| CVE-2015-3295 | 1 Markdown-it Project | 1 Markdown-it | 2026-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| markdown-it before 4.1.0 does not block data: URLs. | |||||
| CVE-2016-5714 | 1 Puppet | 2 Puppet Agent, Puppet Enterprise | 2026-05-13 | 6.5 MEDIUM | 7.2 HIGH |
| Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." | |||||
| CVE-2016-9412 | 1 Mybb | 2 Merge System, Mybb | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy. | |||||
| CVE-2016-8330 | 1 Oracle | 1 Solaris | 2026-05-13 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts). | |||||
