CVE Weekly Report — Week of Jun 29 – July 5, 2026

2026-W27

43
Total CVEs
1
Critical
7
High
0
Actively exploited

🔴 Critical CVEs (1)

CVEProductCVSSKEVDescriptionPublished
CVE-2026-39868macOS9.1This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Taho…Jun 29

🟠 High CVEs (7)

CVEProductCVSSKEVDescriptionPublished
CVE-2026-43715macOS8.8A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43705macOS8.8A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 2…Jun 29
CVE-2026-43731macOS8.8A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43735macOS8.1The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS …Jun 29
CVE-2026-43724macOS7.8The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tah…Jun 29
CVE-2026-43701macOS7.1The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS …Jun 29
CVE-2026-43725macOS7.1The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5…Jun 29

🟡 Medium CVEs (35)

CVEProductCVSSKEVDescriptionPublished
CVE-2026-43706macOS6.5A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, …Jun 29
CVE-2026-43663macOS6.5The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.…Jun 29
CVE-2026-49090Elasticsearch6.5Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (C…Jul 1
CVE-2026-56148Elasticsearch6.5Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). …Jul 1
CVE-2026-43746macOS6.5A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43745macOS6.5An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.…Jun 29
CVE-2026-43742macOS6.5A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43740macOS6.5The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.…Jun 29
CVE-2026-43734macOS6.5A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43732macOS6.5A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadO…Jun 29
CVE-2026-43727macOS6.5A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43726macOS6.5A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43721macOS6.5This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS …Jun 29
CVE-2026-43720macOS6.5A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43718macOS6.5A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPad…Jun 29
CVE-2026-43717macOS6.5A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43716macOS6.5The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.…Jun 29
CVE-2026-43713macOS6.5A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPa…Jun 29
CVE-2026-43712macOS6.5The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.…Jun 29
CVE-2026-43709macOS6.5A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43707macOS6.5A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 …Jun 29
CVE-2026-43699macOS6.5A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-43676macOS6.5An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.…Jun 29
CVE-2026-39872macOS6.5The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.…Jun 29
CVE-2026-28979macOS6.5An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.…Jun 29
CVE-2026-43703macOS6.5The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe …Jun 29
CVE-2026-43700macOS6.5A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS…Jun 29
CVE-2026-14355PHP5.6In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algo…Jul 3
CVE-2026-53325Linux5.5In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd6…Jun 29
CVE-2026-43722macOS5.5The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tah…Jun 29
CVE-2026-43704macOS5.3A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a…Jun 29
CVE-2026-4360Python5.3In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected sy…Jun 30
CVE-2026-56149Elasticsearch4.9Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Exce…Jul 1
CVE-2026-43743macOS4.7A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS …Jun 29
CVE-2026-43708macOS4.3The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5…Jun 29

📦 Most affected products

© 2026 EOLCanary — Data from endoflife.date & NVD
Explore