5.5

CVSS3.1

CVE-2025-43508 -

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

πŸ“… Published: Jan. 16, 2026, 5:06 p.m. πŸ”„ Last Modified: Jan. 27, 2026, 8:19 p.m.

3.3

CVSS3.1

CVE-2024-44210 -

This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.

πŸ“… Published: Jan. 16, 2026, 5:06 p.m. πŸ”„ Last Modified: Jan. 27, 2026, 8:24 p.m.

5.3

CVSS3.1

CVE-2025-24089 -

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.

πŸ“… Published: Jan. 16, 2026, 5:06 p.m. πŸ”„ Last Modified: Jan. 27, 2026, 8:25 p.m.

2.4

CVSS3.1

CVE-2024-54556 -

This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.

πŸ“… Published: Jan. 16, 2026, 5:06 p.m. πŸ”„ Last Modified: Jan. 27, 2026, 8:24 p.m.

7.8

CVSS3.1

CVE-2024-44238 -

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory.

πŸ“… Published: Jan. 16, 2026, 5:06 p.m. πŸ”„ Last Modified: Jan. 27, 2026, 8:24 p.m.

7.7

CVSS3.1

CVE-2026-23529 - Arbitrary File Read in Google BigQuery Sink connector

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations fo…

πŸ“… Published: Jan. 16, 2026, 4:53 p.m. πŸ”„ Last Modified: Jan. 26, 2026, 3:05 p.m.

5.3

CVSS4.0

CVE-2026-23528 - Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dash…

πŸ“… Published: Jan. 16, 2026, 4:44 p.m. πŸ”„ Last Modified: Jan. 26, 2026, 3:05 p.m.

9.7

CVSS3.1

CVE-2026-23523 - Dive allows One-click Remote Code Execution through Deep Links for MCP Install

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim…

πŸ“… Published: Jan. 16, 2026, 4:29 p.m. πŸ”„ Last Modified: Jan. 26, 2026, 3:05 p.m.

6.5

CVSS3.1

CVE-2026-0949 -

PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting (XSS) vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and u…

πŸ“… Published: Jan. 16, 2026, 4:29 p.m. πŸ”„ Last Modified: Jan. 26, 2026, 3:05 p.m.

2.9

CVSS4.0

CVE-2026-22782 - RustFS RPC signature verification logs shared secret

RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers and enables forged RPC calls. In crates/ecstore/src/rpc/http_…

πŸ“… Published: Jan. 16, 2026, 4:14 p.m. πŸ”„ Last Modified: Jan. 26, 2026, 3:05 p.m.
Total resulsts: 330874
Page 277 of 33,088
Β« previous page Β» next page
Filters