|
251
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
watchos
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-43661
|
2026-05-13 02:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead…
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-28905
|
2026-05-13 02:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such mani…
Update
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8222
|
2026-05-13 02:49 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of …
Update
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8224
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by…
Update
|
CWE-89
SQL Injection
|
CVE-2025-14179
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m…
Update
|
CWE-416
Use After Free
|
CVE-2026-6722
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257
|
6.1 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause t…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-6735
|
2026-05-13 02:43 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously…
New
|
CWE-416
Use After Free
|
CVE-2026-28883
|
2026-05-13 02:41 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7258
|
2026-05-13 02:41 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260
|
6.5 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, re…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7259
|
2026-05-13 02:40 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
