CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-54888
Medium

A vulnerability in the mdex library (and mdex_native) allows a DoS attack by supplying a deeply nested Markdown document. Recursive conversion functions lack a maximum depth check, causing a C stack overflow and crashing the entire BEAM node.

CVE-2026-53429
Medium

A missing release of memory after effective lifetime vulnerability in mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a document containing escaped-tag nodes, leading to unlimited memory consumption and process crash.

CVE-2026-53426
High

A vulnerability in the MDEx library for Elixir/Erlang allows exhaustion of the atom table by processing a specially crafted JSON document. The json_to_node/1 function creates new atoms for each unique node_type value, which are never garbage collected, leading to a crash of the entire BEAM virtual machine.

CVE-2026-43746
Medium

A use-after-free vulnerability was addressed with improved memory management in Safari. The issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVE-2026-43745
Medium

An out-of-bounds write vulnerability was found in Safari, iOS, iPadOS, and macOS Tahoe. The issue was fixed by improving input validation.

CVE-2026-43743
Medium

A race condition vulnerability was fixed in iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 by improving state handling. This flaw could allow an app to cause unexpected system termination.

CVE-2026-43742
Medium

A use-after-free vulnerability in Safari was fixed with improved memory management. The issue affects Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-43740
Medium

A vulnerability in Safari and Apple systems allows disclosure of process memory when processing maliciously crafted web content. The issue was fixed by improved memory handling.

CVE-2026-43735
High

A vulnerability in Safari allows a malicious website to exfiltrate data cross-origin. The issue was fixed with improved checks in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

CVE-2026-43734
Medium

A use-after-free vulnerability was addressed with improved memory management in Safari, iOS, iPadOS, and macOS Tahoe. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-43732
Medium

A path handling vulnerability in Safari and Apple systems was fixed with improved validation. Updates are available in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

CVE-2026-43731
High

A use-after-free vulnerability was found in Safari and Apple systems (iOS, iPadOS, macOS) that could lead to memory corruption when processing maliciously crafted web content. The issue was fixed with improved memory management.

CVE-2026-43727
Medium

A use-after-free vulnerability was fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Processing maliciously crafted web content may cause an unexpected Safari crash.

CVE-2026-43726
Medium

A use-after-free vulnerability was addressed with improved memory management in Safari, iOS, iPadOS, and macOS Tahoe. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-43725
High

A vulnerability in Safari and Apple systems allows a malicious website to process restricted web content outside the sandbox. The issue was fixed with improved input validation.

CVE-2026-43724
High

A vulnerability in Apple systems allows an app to cause unexpected system termination or write to kernel memory. The issue was addressed with improved input sanitization.

CVE-2026-43722
Medium

A vulnerability in Apple iOS, iPadOS, and macOS Tahoe allows an app to leak sensitive kernel state. The issue was fixed by improving input sanitization.

CVE-2026-43721
Medium

A vulnerability in Safari allows a malicious website to silently hijack clipboard data. The issue was addressed through improved state management. It is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

CVE-2026-43720
Medium

A use-after-free vulnerability was addressed with improved memory management in Safari. This issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVE-2026-43718
Medium

A stack overflow vulnerability was discovered in Safari, iOS, iPadOS, and macOS Tahoe, addressed with improved input validation. Processing maliciously crafted web content may lead to an unexpected Safari crash.

PreviousPage 125 of 4551Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS