|
4721
|
5.5 |
MEDIUM
Local
|
-
|
-
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.
|
CWE-125
Out-of-bounds Read
|
CVE-2025-46280
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4722
|
7.0 |
HIGH
Local
|
-
|
-
|
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges.
|
CWE-362
Race Condition
|
CVE-2025-46284
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4723
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
|
CWE-284
Improper Access Control
|
CVE-2025-46307
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4724
|
7.1 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Woocommerce Envato Affiliates: from n…
|
CWE-862
Missing Authorization
|
CVE-2025-14361
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4725
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access cont…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9580
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4726
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site …
|
CWE-352
CWE-862
Origin Validation Error
Missing Authorization
|
CVE-2026-9582
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4727
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql in…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9584
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4728
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument I…
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2026-9603
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4729
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improp…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9604
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4730
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9606
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
