CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.07)
A vulnerability in the mdex library (and mdex_native) allows a DoS attack by supplying a deeply nested Markdown document. Recursive conversion functions lack a maximum depth check, causing a C stack overflow and crashing the entire BEAM node.
A missing release of memory after effective lifetime vulnerability in mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a document containing escaped-tag nodes, leading to unlimited memory consumption and process crash.
A vulnerability in the MDEx library for Elixir/Erlang allows exhaustion of the atom table by processing a specially crafted JSON document. The json_to_node/1 function creates new atoms for each unique node_type value, which are never garbage collected, leading to a crash of the entire BEAM virtual machine.
A use-after-free vulnerability was addressed with improved memory management in Safari. The issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
An out-of-bounds write vulnerability was found in Safari, iOS, iPadOS, and macOS Tahoe. The issue was fixed by improving input validation.
A race condition vulnerability was fixed in iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 by improving state handling. This flaw could allow an app to cause unexpected system termination.
A use-after-free vulnerability in Safari was fixed with improved memory management. The issue affects Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
A vulnerability in Safari and Apple systems allows disclosure of process memory when processing maliciously crafted web content. The issue was fixed by improved memory handling.
A vulnerability in Safari allows a malicious website to exfiltrate data cross-origin. The issue was fixed with improved checks in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.
A use-after-free vulnerability was addressed with improved memory management in Safari, iOS, iPadOS, and macOS Tahoe. Processing maliciously crafted web content may lead to an unexpected process crash.
A path handling vulnerability in Safari and Apple systems was fixed with improved validation. Updates are available in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.
A use-after-free vulnerability was found in Safari and Apple systems (iOS, iPadOS, macOS) that could lead to memory corruption when processing maliciously crafted web content. The issue was fixed with improved memory management.
A use-after-free vulnerability was fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Processing maliciously crafted web content may cause an unexpected Safari crash.
A use-after-free vulnerability was addressed with improved memory management in Safari, iOS, iPadOS, and macOS Tahoe. Processing maliciously crafted web content may lead to an unexpected process crash.
A vulnerability in Safari and Apple systems allows a malicious website to process restricted web content outside the sandbox. The issue was fixed with improved input validation.
A vulnerability in Apple systems allows an app to cause unexpected system termination or write to kernel memory. The issue was addressed with improved input sanitization.
A vulnerability in Apple iOS, iPadOS, and macOS Tahoe allows an app to leak sensitive kernel state. The issue was fixed by improving input sanitization.
A vulnerability in Safari allows a malicious website to silently hijack clipboard data. The issue was addressed through improved state management. It is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.
A use-after-free vulnerability was addressed with improved memory management in Safari. This issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
A stack overflow vulnerability was discovered in Safari, iOS, iPadOS, and macOS Tahoe, addressed with improved input validation. Processing maliciously crafted web content may lead to an unexpected Safari crash.

