1960 matches found

ATTACKERKB
added 2026/05/13 4:26 a.m. | 4 views

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

CVSS 5.3 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 3
Redos
added 2026/05/12 12:0 a.m. | 7 views

ROS-20260512-73-0022

A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain access to read, modify, or delete protected information...

CVSS 8.1 | AI score 7.1 | EPSS 0.00018
Exploits: 0
Redos
added 2026/05/12 12:0 a.m. | 8 views

ROS-20260512-73-0021

A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain access to read, modify, or delete protected information...

CVSS 8.1 | AI score 7.1 | EPSS 0.00018
Exploits: 0
NVD
added 2026/05/11 9:18 p.m. | 5 views

CVE-2026-28930

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...

CVSS 7.5 | EPSS 0.00045
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/11 8:8 p.m. | 4 views

CVE-2026-43652

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...

AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
Cvelist
added 2026/05/11 8:8 p.m. | 27 views

CVE-2026-43652

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...

EPSS 0.00045
Exploits: 0 | References: 1
CVE
added 2026/05/11 8:8 p.m. | 11 views

CVE-2026-28930

CVE-2026-28930 affects macOS Tahoe; a permissions issue allowed an app to access protected user data. The RedHat/NCSC/EUVD/NVD/Nessus entries and related feeds confirm the root cause as a permissions restriction, with the resolution being the macOS Tahoe 26.5 security update that applies addition...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/05/11 8:8 p.m. | 6 views

CVE-2026-28930

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...

AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
Cvelist
added 2026/05/11 8:8 p.m. | 27 views

CVE-2026-28930

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...

EPSS 0.00045
Exploits: 0 | References: 1
Github Security Blog
added 2026/05/11 3:53 p.m. | 8 views

Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n

Impact: Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 5 | Affected Software: 1
Redos
added 2026/05/07 12:0 a.m. | 6 views

ROS-20260507-73-0001

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

CVSS 5.3 | AI score 5.8 | EPSS 0.00015
Exploits: 0
Redos
added 2026/05/05 12:0 a.m. | 3 views

ROS-20260505-73-0074

A vulnerability in the ngx_stream_ssl_module module of the NGINX Plus and NGINX Open Source HTTP server is related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to bypass security restrictions and gain unauthorized access to protected...

CVSS 5.4 | AI score 5.8 | EPSS 0.00012
Exploits: 0
Redos
added 2026/05/05 12:0 a.m. | 3 views

ROS-20260505-73-0079

A vulnerability in the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address and ipaddress.IPv6Network classes of the ipaddress module of the Python programming language interpreter CPython is related to incorrect IP address range validation. Exploitation of the vulnerability could...

CVSS 7.5 | AI score 6.8 | EPSS 0.01127
Exploits: 0
Redos
added 2026/04/29 12:0 a.m. | 2 views

ROS-20260429-73-0042

A vulnerability in the ngx_stream_ssl_module module of the NGINX Plus and NGINX Open Source HTTP server is related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to bypass security restrictions and gain unauthorized access to protected...

CVSS 5.4 | AI score 5.4 | EPSS 0.00012
Exploits: 0
Redos
added 2026/04/20 12:0 a.m. | 3 views

ROS-20260420-73-0025

Vulnerability in python-aiohttp related to lack of service data protection. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 6.3 | AI score 6.4 | EPSS 0.0007
Exploits: 0
Redos
added 2026/04/14 12:0 a.m. | 4 views

ROS-20260414-73-0061

A vulnerability in the f2fs_decompress_cluster function of the fs/f2fs/compress.c module of the F2FS file system of the Linux kernel is related to insufficient resource locking. Exploitation of the vulnerability may allow an intruder to affect the integrity and availability of protected information...

CVSS 7.8 | AI score 5.8 | EPSS 0.00025
Exploits: 0
Redos
added 2026/04/08 12:0 a.m. | 6 views

ROS-20260408-73-0026

A vulnerability in the drivers/soc/qcom/mdt_loader.c component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an intruder to gain unauthorized access to protected information...

CVSS 5.5 | AI score 6.3 | EPSS 0.00024
Exploits: 0
Redos
added 2026/04/01 12:0 a.m. | 4 views

ROS-20260401-73-0001

A vulnerability in the HTML Style Checker module of RoundCube Webmail is related to incorrect encoding or escaping of output data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 7.5 | AI score 5.9 | EPSS 0.00041
Exploits: 0
RedhatCVE
added 2026/03/26 3:16 p.m. | 2 views

CVE-2026-28855

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
EUVD
added 2026/03/25 3:31 a.m. | 4 views

EUVD-2026-15121

An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access protected user data...

CVSS 5.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2