CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-43705
High

A type confusion vulnerability was discovered in Safari, iOS, iPadOS, and macOS Tahoe. The issue was fixed with improved type checking. Processing maliciously crafted web content may lead to memory corruption.

CVE-2026-43704
Medium

A use-after-free vulnerability was addressed with improved memory management in Safari, iOS, iPadOS, and macOS Tahoe. A malicious web extension may exploit this issue to cause an unexpected process crash.

CVE-2026-43703
Medium

A vulnerability in WebKit allows an unexpected process crash when processing maliciously crafted web content. The issue was fixed with improved memory handling in Apple systems.

CVE-2026-43701
High

A vulnerability in Safari and Apple systems allows a malicious website to process restricted web content outside the sandbox. The issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 with improved checks.

CVE-2026-43700
Medium

A cross-origin issue was addressed with improved tracking of security origins in Safari, iOS, iPadOS, and macOS Tahoe. Processing maliciously crafted web content may disclose sensitive user information. The fix is included in versions 26.5.2.

CVE-2026-43699
Medium

A use-after-free vulnerability in Safari, iOS, iPadOS, and macOS Tahoe could lead to an unexpected process crash when processing maliciously crafted web content. The issue was addressed with improved memory management.

CVE-2026-43676
Medium

An out-of-bounds access issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVE-2026-43663
Medium

A vulnerability in Safari and Apple systems may cause a process crash when processing maliciously crafted web content. The issue was fixed with improved memory handling.

CVE-2026-39872
Medium

A vulnerability in WebKit may lead to an unexpected process crash when processing maliciously crafted web content. The issue was addressed with improved memory handling. The fix is included in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

CVE-2026-39868
Critical

A vulnerability in Apple systems allows an app to cause unexpected system termination or corrupt kernel memory. The issue was addressed with improved input validation.

CVE-2026-37637
Critical

A vulnerability in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component. The issue stems from insufficient input validation or code injection protection.

CVE-2026-31016
Medium

A Cross-Site Request Forgery (CSRF) vulnerability has been found in Squidex CMS version 7.21.0 and earlier. An attacker can exploit the IdentityServer account profile endpoint to escalate privileges without the victim's knowledge.

CVE-2026-28979
Medium

An out-of-bounds access vulnerability in Safari and Apple systems allows processing maliciously crafted web content to cause an unexpected process crash. The issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

CVE-2026-13763
Critical

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue only impacts HTTP/2 ALB target groups.

CVE-2026-13762
Critical

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected.

CVE-2026-13593
Medium

A memory leak vulnerability in CSS::Minifier::XS for Perl before version 0.14 occurs when minifying a document containing only characters to be removed, such as comments and whitespace.

CVE-2026-13008
Unknown

This CVE entry has been rejected. It is a reservation duplicate of CVE-2026-57700 and should not be used.

CVE-2026-58000
HighEPSS 69%

A command injection vulnerability in luci-proto-openvpn through version 0.11.1 (fixed in commit e4ff45e) exists in the generateKey ubus method. The cl_meta parameter is interpolated into a shell command without proper escaping, allowing an authenticated LuCI user with OpenVPN protocol configuration access to execute arbitrary commands as root via the popen function.

CVE-2026-57999
HighEPSS 64%

A command injection vulnerability in luci-app-tailscale-commons allows authenticated users to execute arbitrary commands as root via the tailscale.do_login RPC method. The issue stems from improper quoting of the loginserver and loginserver_authkey parameters within a double-quoted shell command, enabling shell substitutions like $() to be evaluated.

CVE-2026-53428
Medium

A vulnerability in the mdex and mdex_native libraries allows an unauthenticated attacker to cause a denial of service via unbounded memory allocation. The parse_highlight_lines function in the LumisAdapter component expands a user-controlled line range from a fenced code block without an upper bound, allocating huge vectors. A payload with a range like 1-2000000000 can exhaust host memory and abort the BEAM process.

PreviousPage 104 of 4499Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS