CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43659
https://notcve.org/view.php?id=CVE-2026-43659
11 May 2026 — A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data. • https://support.apple.com/en-us/127110 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2026-28897
https://notcve.org/view.php?id=CVE-2026-28897
11 May 2026 — A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A local user may be able to cause unexpected system termination or read kernel memory. • https://support.apple.com/en-us/127110 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2026-28907
https://notcve.org/view.php?id=CVE-2026-28907
11 May 2026 — The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. • https://support.apple.com/en-us/127110 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43655
https://notcve.org/view.php?id=CVE-2026-43655
11 May 2026 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory. • https://support.apple.com/en-us/127110 • CWE-125: Out-of-bounds Read •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2026-28819
https://notcve.org/view.php?id=CVE-2026-28819
11 May 2026 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/127111 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2026-43654
https://notcve.org/view.php?id=CVE-2026-43654
11 May 2026 — The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory. • https://support.apple.com/en-us/127110 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2026-28967
https://notcve.org/view.php?id=CVE-2026-28967
11 May 2026 — A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service. • https://support.apple.com/en-us/126792 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-28988
https://notcve.org/view.php?id=CVE-2026-28988
11 May 2026 — A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences. • https://support.apple.com/en-us/127110 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2026-28971
https://notcve.org/view.php?id=CVE-2026-28971
11 May 2026 — The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings. • https://support.apple.com/en-us/127110 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2026-28951
https://notcve.org/view.php?id=CVE-2026-28951
11 May 2026 — An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges. • https://support.apple.com/en-us/127110 • CWE-863: Incorrect Authorization •