8.8
CVE-2026-20667 - Sandbox Enforcement Logic Flaw Allowing Application Breakout
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox.
7.8
CVE-2026-20610 - macOS Privilege Escalation via Improper Symlink Handling
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
5.5
CVE-2026-20647 - Sensitive User Data Leak in macOS Tahoe 26.3
This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
7.1
CVE-2026-20606 - App Bypass of Privacy Preferences in Apple Operating Systems
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences.
5.5
CVE-2025-43537 - Backup Restoration Path Handling Issue Allows Modification of Protected System Files
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.
9.3
CVE-2026-26215 - manga-image-translator Shared API Unsafe Deserialization RCE
manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pic…
7.1
CVE-2026-1669 - Arbitrary File Read in Keras via HDF5 External Datasets
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.
1.3
CVE-2026-26031 - Frappe LMS: Unauthorised Users Able to Access the Full List of Batch-Enrolled Students
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, a security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches. This vulnerability is fixe…
7.5
CVE-2026-26029 - sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to exe…
5.3
CVE-2026-26023 - Client-side DOM XSS in the web chat app of Dify when using echarts
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross-site scripting vulnerability was found in the web application chat frontend when using echarts. User or LLM inputs containing an echarts chart with a specific JavaScript payload will be executed. This vulnerability is f…