Total: 363138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-43706 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-06-30 | N/A | 6.5 MEDIUM |
| A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-43705 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-30 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption. | |||||
| CVE-2026-43704 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-30 | N/A | 5.3 MEDIUM |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash. | |||||
| CVE-2026-43703 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-06-30 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-43700 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-30 | N/A | 6.5 MEDIUM |
| A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2026-43699 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-30 | N/A | 6.5 MEDIUM |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-43676 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-30 | N/A | 6.5 MEDIUM |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2026-43663 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-30 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-39872 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-30 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-39868 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-06-30 | N/A | 9.1 CRITICAL |
| This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2026-28979 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-30 | N/A | 6.5 MEDIUM |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-28898 | 1 Apple | 1 Swiftnio Http/2 | 2026-06-30 | N/A | 5.3 MEDIUM |
| swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values (:path, :authority, :scheme, :method, and :status) at both the HPACK header validation layer and the HTTP/2-to-HTTP/1.1 translation layer. Requests or responses containing CR, LF, or NUL bytes in any pseudo-header value are now rejected with a connection error. This issue is fixed in swift-nio-http2 1.44.1. | |||||
| CVE-2026-21036 | 1 Samsung | 1 Internet | 2026-06-30 | N/A | 5.5 MEDIUM |
| Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. | |||||
| CVE-2026-54276 | 1 Aiohttp | 1 Aiohttp | 2026-06-30 | N/A | 6.1 MEDIUM |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to be able to execute. Further, the attacker is only receiving the digest, so should only be able to extract the user's credentials if the cryptography is weak or there is some kind of password reuse. This vulnerability is fixed in 3.14.1. | |||||
| CVE-2026-21034 | 2 Google, Samsung | 2 Android, Auto | 2026-06-30 | N/A | 3.3 LOW |
| Improper export of Android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows a local attacker to change audio configuration. | |||||
| CVE-2026-14164 | | | 2026-06-30 | N/A | 7.5 HIGH |
| A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service. | |||||
| CVE-2026-13766 | | | 2026-06-30 | N/A | 9.8 CRITICAL |
| DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quote_char, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers (order_by, where-clause column keys, field and returning lists, upsert columns, and join aliases) reach the SQL string raw, while values are placeholder-bound and unaffected. A caller that forwards untrusted input to an affected identifier position, such as a user-controlled order_by value, enables SQL injection: the row order can be made to depend on a sub-select over columns the query never selected, and the where and update identifier positions permit further data disclosure and tampering. | |||||
| CVE-2026-13548 | | | 2026-06-30 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /doctortimings.php. The manipulation of the argument editid leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | |||||
| CVE-2026-13542 | | | 2026-06-30 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-13536 | | | 2026-06-30 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "We immediately removed unnecessary parameter echo from source code. However the URL in the issue description will never be used in browser nor exposed to user, so it will not bring secure problem in fact. So we don't upgrade server right now, it will be included in next version together with other features." | |||||
