Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22213
Total
1585
Critical
6782
High
7114
Medium
CVE ID Severity Score Description Published
CVE-2025-46315 HIGH 7.5 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user … Jun 11, 2026
CVE-2025-46313 UNKNOWN A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive … Jun 11, 2026
CVE-2025-46308 MEDIUM 5.3 An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may … Jun 11, 2026
CVE-2025-46293 MEDIUM 5.5 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected … Jun 11, 2026
CVE-2025-43339 MEDIUM 5.5 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access … Jun 11, 2026
CVE-2025-43278 UNKNOWN This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected … Jun 11, 2026
CVE-2025-31272 HIGH 7.8 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections … Jun 11, 2026
CVE-2025-30459 MEDIUM 5.5 A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access … Jun 11, 2026
CVE-2025-30431 MEDIUM 5.5 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may … Jun 11, 2026
CVE-2025-24284 HIGH 8.8 This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to … Jun 11, 2026
CVE-2025-24268 MEDIUM 5.5 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app … Jun 11, 2026
CVE-2025-24165 UNKNOWN A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may … Jun 11, 2026
CVE-2026-49261 CRITICAL 10.0 MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 … Jun 11, 2026
CVE-2026-48546 HIGH 7.3 KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require … Jun 11, 2026
CVE-2026-47157 MEDIUM 6.5 aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before … Jun 11, 2026
CVE-2026-46698 MEDIUM 5.3 Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/Site_Info.php) that verified a nonce … Jun 11, 2026
CVE-2026-46697 HIGH 7.5 Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy (includes/Media_Proxy.php) with permission_callback => __return_true … Jun 11, 2026
CVE-2026-3329 UNKNOWN A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. Jun 11, 2026
CVE-2026-11986 MEDIUM 4.9 A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints … Jun 11, 2026
CVE-2026-49982 HIGH 8.2 tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain … Jun 11, 2026
CVE-2026-44705 UNKNOWN tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping … Jun 11, 2026
CVE-2026-44496 HIGH 7.5 Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the … Jun 11, 2026
CVE-2026-44495 HIGH 7.0 Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request … Jun 11, 2026
CVE-2026-44494 HIGH 8.7 Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype … Jun 11, 2026
CVE-2026-44492 HIGH 8.6 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When … Jun 11, 2026