24h | 7d | 30d

Overview

  • Apple
  • Safari

11 May 2026
Published
13 May 2026
Updated

CVSS
Pending
EPSS
0.12%

KEV

Description

A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

Profile picture fallback

Apple's May 11th update addressed 84 vulnerabilities spanning iOS, macOS, Safari, tvOS, watchOS, and visionOS. WebKit alone accounts for 13+ CVEs including CVE-2026-28883 and CVE-2026-43660. Kernel-level privilege escalation...

captechgroup.com/about-us/thre

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Microsoft
  • Windows Server 2025 (Server Core installation)

09 May 2023
Published
10 Jul 2025
Updated

CVSS v3.1
MEDIUM (6.7)
EPSS
0.58%

KEV

Description

Secure Boot Security Feature Bypass Vulnerability

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

Profile picture fallback

Congratulations to CVE-2018-4063, CVE-2022-21894, CVE-2023-24932, CVE-2026-34197 for being the only 4 CVEs with a CISA ADP Exploitation Status of active but not on the KEV list :blobsalute:

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Sierra Wireless

06 May 2019
Published
13 Dec 2025
Updated

CVSS
Pending
EPSS
1.88%

Description

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

Profile picture fallback

Congratulations to CVE-2018-4063, CVE-2022-21894, CVE-2023-24932, CVE-2026-34197 for being the only 4 CVEs with a CISA ADP Exploitation Status of active but not on the KEV list :blobsalute:

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

11 Jan 2022
Published
02 Jan 2025
Updated

CVSS v3.1
MEDIUM (4.4)
EPSS
42.69%

KEV

Description

Secure Boot Security Feature Bypass Vulnerability

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

Profile picture fallback

Congratulations to CVE-2018-4063, CVE-2022-21894, CVE-2023-24932, CVE-2026-34197 for being the only 4 CVEs with a CISA ADP Exploitation Status of active but not on the KEV list :blobsalute:

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Apache Software Foundation
  • Apache ActiveMQ Broker
  • org.apache.activemq:activemq-broker

07 Apr 2026
Published
17 Apr 2026
Updated

CVSS
Pending
EPSS
75.81%

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

Profile picture fallback

Congratulations to CVE-2018-4063, CVE-2022-21894, CVE-2023-24932, CVE-2026-34197 for being the only 4 CVEs with a CISA ADP Exploitation Status of active but not on the KEV list :blobsalute:

  • 0
  • 0
  • 0
  • 18h ago
Showing 21 to 25 of 25 CVEs