Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22213
Total
1585
Critical
6782
High
7114
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-46315 | HIGH | 7.5 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user … | Jun 11, 2026 |
| CVE-2025-46313 | UNKNOWN | — | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive … | Jun 11, 2026 |
| CVE-2025-46308 | MEDIUM | 5.3 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may … | Jun 11, 2026 |
| CVE-2025-46293 | MEDIUM | 5.5 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected … | Jun 11, 2026 |
| CVE-2025-43339 | MEDIUM | 5.5 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access … | Jun 11, 2026 |
| CVE-2025-43278 | UNKNOWN | — | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected … | Jun 11, 2026 |
| CVE-2025-31272 | HIGH | 7.8 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections … | Jun 11, 2026 |
| CVE-2025-30459 | MEDIUM | 5.5 | A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access … | Jun 11, 2026 |
| CVE-2025-30431 | MEDIUM | 5.5 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may … | Jun 11, 2026 |
| CVE-2025-24284 | HIGH | 8.8 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to … | Jun 11, 2026 |
| CVE-2025-24268 | MEDIUM | 5.5 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app … | Jun 11, 2026 |
| CVE-2025-24165 | UNKNOWN | — | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may … | Jun 11, 2026 |
| CVE-2026-49261 | CRITICAL | 10.0 | MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 … | Jun 11, 2026 |
| CVE-2026-48546 | HIGH | 7.3 | KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require … | Jun 11, 2026 |
| CVE-2026-47157 | MEDIUM | 6.5 | aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before … | Jun 11, 2026 |
| CVE-2026-46698 | MEDIUM | 5.3 | Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/Site_Info.php) that verified a nonce … | Jun 11, 2026 |
| CVE-2026-46697 | HIGH | 7.5 | Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy (includes/Media_Proxy.php) with permission_callback => __return_true … | Jun 11, 2026 |
| CVE-2026-3329 | UNKNOWN | — | A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. | Jun 11, 2026 |
| CVE-2026-11986 | MEDIUM | 4.9 | A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints … | Jun 11, 2026 |
| CVE-2026-49982 | HIGH | 8.2 | tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain … | Jun 11, 2026 |
| CVE-2026-44705 | UNKNOWN | — | tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping … | Jun 11, 2026 |
| CVE-2026-44496 | HIGH | 7.5 | Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the … | Jun 11, 2026 |
| CVE-2026-44495 | HIGH | 7.0 | Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request … | Jun 11, 2026 |
| CVE-2026-44494 | HIGH | 8.7 | Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype … | Jun 11, 2026 |
| CVE-2026-44492 | HIGH | 8.6 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When … | Jun 11, 2026 |