CVE Weekly Report — Week of Jun 29 – July 5, 2026
2026-W27
43
Total CVEs
1
Critical
7
High
0
Actively exploited
🔴 Critical CVEs (1)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-39868 | macOS | 9.1 | — | This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Taho… | Jun 29 |
🟠 High CVEs (7)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-43715 | macOS | 8.8 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43705 | macOS | 8.8 | — | A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 2… | Jun 29 |
| CVE-2026-43731 | macOS | 8.8 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43735 | macOS | 8.1 | — | The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS … | Jun 29 |
| CVE-2026-43724 | macOS | 7.8 | — | The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tah… | Jun 29 |
| CVE-2026-43701 | macOS | 7.1 | — | The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS … | Jun 29 |
| CVE-2026-43725 | macOS | 7.1 | — | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5… | Jun 29 |
🟡 Medium CVEs (35)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-43706 | macOS | 6.5 | — | A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, … | Jun 29 |
| CVE-2026-43663 | macOS | 6.5 | — | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.… | Jun 29 |
| CVE-2026-49090 | Elasticsearch | 6.5 | — | Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (C… | Jul 1 |
| CVE-2026-56148 | Elasticsearch | 6.5 | — | Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). … | Jul 1 |
| CVE-2026-43746 | macOS | 6.5 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43745 | macOS | 6.5 | — | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.… | Jun 29 |
| CVE-2026-43742 | macOS | 6.5 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43740 | macOS | 6.5 | — | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.… | Jun 29 |
| CVE-2026-43734 | macOS | 6.5 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43732 | macOS | 6.5 | — | A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadO… | Jun 29 |
| CVE-2026-43727 | macOS | 6.5 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43726 | macOS | 6.5 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43721 | macOS | 6.5 | — | This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS … | Jun 29 |
| CVE-2026-43720 | macOS | 6.5 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43718 | macOS | 6.5 | — | A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPad… | Jun 29 |
| CVE-2026-43717 | macOS | 6.5 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43716 | macOS | 6.5 | — | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.… | Jun 29 |
| CVE-2026-43713 | macOS | 6.5 | — | A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPa… | Jun 29 |
| CVE-2026-43712 | macOS | 6.5 | — | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.… | Jun 29 |
| CVE-2026-43709 | macOS | 6.5 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43707 | macOS | 6.5 | — | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 … | Jun 29 |
| CVE-2026-43699 | macOS | 6.5 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-43676 | macOS | 6.5 | — | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.… | Jun 29 |
| CVE-2026-39872 | macOS | 6.5 | — | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.… | Jun 29 |
| CVE-2026-28979 | macOS | 6.5 | — | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.… | Jun 29 |
| CVE-2026-43703 | macOS | 6.5 | — | The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe … | Jun 29 |
| CVE-2026-43700 | macOS | 6.5 | — | A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS… | Jun 29 |
| CVE-2026-14355 | PHP | 5.6 | — | In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algo… | Jul 3 |
| CVE-2026-53325 | Linux | 5.5 | — | In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd6… | Jun 29 |
| CVE-2026-43722 | macOS | 5.5 | — | The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tah… | Jun 29 |
| CVE-2026-43704 | macOS | 5.3 | — | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a… | Jun 29 |
| CVE-2026-4360 | Python | 5.3 | — | In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected sy… | Jun 30 |
| CVE-2026-56149 | Elasticsearch | 4.9 | — | Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Exce… | Jul 1 |
| CVE-2026-43743 | macOS | 4.7 | — | A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS … | Jun 29 |
| CVE-2026-43708 | macOS | 4.3 | — | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5… | Jun 29 |
