34394 matches found

NCSC
added 5 days ago, 7 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...

CVSS 9.1, AI score 6.1, EPSS 0.00371
Exploits: 2, References: 1
NVD
added 5 days ago, 9 views

CVE-2026-14160

Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d...

CVSS 5.9, EPSS 0.0009
Exploits: 0, References: 1
EUVD
added 5 days ago, 6 views

EUVD-2026-40248

Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d...

CVSS 5.9, AI score 5.8, EPSS 0.0009
Exploits: 0, References: 1
CVE
added 5 days ago, 11 views

CVE-2026-14160

Technical details about CVE-2026-14160 are not publicly provided in the supplied documents. Monitor for updates from Samsung Escargot advisories and NVD entries.

CVSS 5.9, AI score 5.8, EPSS 0.0009
Exploits: 0, References: 1
Tenable Nessus
added 5 days ago, 3 views

Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8772)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack enabling an attacker to block access to the overlay configuration page in the web interface of the Axis device. Exploitation requires prior authentication...

CVSS 4.3, AI score 5.9, EPSS 0.00418
Exploits: 0, References: 2
Tenable Nessus
added 5 days ago, 7 views

Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47262)

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Axis has released patched AXIS OS versions for this flaw. Endpoints not...

CVSS 5.3, AI score 6, EPSS 0.00334
Exploits: 0, References: 2
NVD
added 6 days ago, 9 views

CVE-2026-7656

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6nbr.c handlerainput, handlensinput, handlenainput used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was 'length/hop/source/target checks...

CVSS 8.1, EPSS 0.00232
Exploits: 0, References: 2
NVD
added 6 days ago, 9 views

CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

CVSS 9.1, EPSS 0.00368
Exploits: 0, References: 2
NVD
added 6 days ago, 10 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 7.3, EPSS 0.00413
Exploits: 0, References: 2
ATTACKERKB
added 6 days ago, 3 views

CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

AI score 5.7, EPSS 0.00368
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 6 days ago, 29 views

CVE-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

EPSS 0.00368
Exploits: 0, References: 1
NVD
added 6 days ago, 7 views

CVE-2026-43743

A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination...

CVSS 4.7, EPSS 0.00096
Exploits: 0, References: 2
ATTACKERKB
added 6 days ago, 6 views

CVE-2026-43743

A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination...

CVSS 4.7, AI score 5.7, EPSS 0.00096
Exploits: 0, References: 3
CVE
added 6 days ago, 11 views

CVE-2026-43743

CVE-2026-43743 is a race condition addressed by Apple in macOS Tahoe 26.5.2 and iOS/iPadOS 26.5.2. The issue affects the IOGPUFamily entry (Impact: a user-level app may cause an unexpected system termination) and is mitigated by the patched state handling. The CVE references confirm the fix in ma...

CVSS 4.7, AI score 5.7, EPSS 0.00096
Exploits: 0, References: 2, Affected Software: 3
CVE
added 6 days ago, 14 views

CVE-2026-57959

CVE-2026-57959 affects Hi.Events up to version 1.9.0. The vulnerability arises in promo code validation where the reservation path checks the usage count before the asynchronous UpdateEventStatisticsJob increments it, enabling a race condition. Attackers can sequentially reserve multiple orders u...

CVSS 8.2, AI score 5.8, EPSS 0.00193
Exploits: 0, References: 2
EUVD
added 6 days ago, 6 views

EUVD-2026-40144

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

CVSS 8.2, AI score 5.8, EPSS 0.00193
Exploits: 0, References: 2
RedhatCVE
added 6 days ago, 6 views

CVE-2026-53265

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...

CVSS 7.8, AI score 5.8, EPSS 0.00129
Exploits: 0, References: 4
ATTACKERKB
added 6 days ago, 6 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

CVSS 7.2, AI score 5.9, EPSS 0.00091
Exploits: 0, References: 4
Apple
added 6 days ago, 9 views

About the security content of iOS 26.5.2 and iPadOS 26.5.2

This update delivers security fixes that were first made available in the iOS 26.6 and iPadOS 26.6 betas. This document describes the security content of iOS 26.5.2 and iPadOS 26.5.2. About Apple security updates: For our customers'...

CVSS 9.1, AI score 5.8, EPSS 0.00371
Exploits: 2, References: 1, Affected Software: 2
Positive Technologies
added 6 days ago, 7 views

PT-2026-53729

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 26.5.2; iPadOS versions prior to 26.5.2; macOS Tahoe versions prior to 26.5.2. Description: A race condition, which occurs when the timing or sequence of events is not properly controlled, was identified. This issue allows an...

CVSS 4.7, AI score 6, EPSS 0.00096
Exploits: 0, References: 6