Skip to main content
CVE-2025-43417 MEDIUM This Month

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]

Apple Path Traversal Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-36316 MEDIUM This Month

The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially resulting in a denial of service [CVSS 5.5 MEDIUM]

Industrial Integer Overflow Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56807 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure Media Streaming Add On
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20675 MEDIUM This Month

Information disclosure in Apple's image processing across iOS, iPadOS, macOS, tvOS, and visionOS allows local attackers to extract sensitive user data by supplying a specially crafted image file. The vulnerability requires user interaction to trigger the malicious image processing and affects multiple OS versions prior to their patched releases. No patch is currently available for affected users.

Apple Command Injection
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20666 MEDIUM This Month

Unauthorized access to sensitive user data in macOS can be achieved by local applications due to improper authorization state management affecting macOS Tahoe 26.2 and earlier. An attacker with local access and basic user privileges can exploit this flaw to read confidential information without user interaction. No patch is currently available for this vulnerability.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20629 MEDIUM This Month

Improper temporary file handling in macOS allows local applications to read sensitive user data without user interaction. An attacker with local access and app execution privileges can bypass privacy controls to access confidential information. This vulnerability affects macOS Tahoe 26.3 and earlier, with no patch currently available.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20608 MEDIUM PATCH This Month

Denial of service in Apple macOS, iOS, and iPadOS results from improper state management when processing malicious web content, causing unexpected process crashes. Local attackers with user interaction can trigger this vulnerability to disrupt system availability. No patch is currently available.

Apple Denial Of Service Ipados Iphone Os Visionos
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54151 MEDIUM This Month

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 5.5 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54150 MEDIUM This Month

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 5.5 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54149 MEDIUM This Month

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 5.5 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20654 MEDIUM This Month

A local privilege escalation vulnerability in Apple's operating systems (macOS, iOS, visionOS, and iPadOS) allows authenticated users to trigger a buffer overflow condition resulting in denial of service through application crashes. The vulnerability stems from improper memory handling and affects multiple Apple platforms including watchOS and tvOS. Currently, no patch is available, though the vendor has indicated fixes will be included in upcoming OS updates.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20634 MEDIUM This Month

Memory disclosure in Apple's image processing across macOS, iOS, iPadOS, tvOS, and visionOS allows local attackers with user interaction to leak sensitive process memory by submitting a specially crafted image file. The vulnerability requires no elevated privileges and affects multiple Apple operating system versions, with fixes available in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, and corresponding iOS/iPadOS updates. An attacker could exploit this to extract confidential data from running processes on the targeted device.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20621 MEDIUM This Month

Improper memory handling in Apple operating systems (macOS, iOS, iPadOS, visionOS) allows local attackers with user-level privileges to trigger kernel memory corruption or unexpected system crashes without user interaction. The vulnerability affects multiple macOS versions (Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4) and iOS/iPadOS 18.7.5 and later. No patch is currently available for this medium-severity flaw.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20602 MEDIUM This Month

macOS cache handling vulnerability CVE-2026-20602 allows local users with standard privileges to trigger a denial-of-service condition on affected systems running macOS Sonoma 14.8.4 and earlier, macOS Sequoia 15.7.4 and earlier, or macOS Tahoe 26.3 and earlier. No patch is currently available for this issue.

Apple Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20678 MEDIUM This Month

Unauthorized access to sensitive user data in iOS and iPadOS results from improper state management in authorization checks, allowing local applications to bypass access restrictions. This medium-severity vulnerability affects Apple iOS/iPadOS users running versions prior to 18.7.5 and 26.3, with no patch currently available. A malicious app with user permissions could extract confidential information without additional user interaction.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20630 MEDIUM This Month

macOS systems running versions prior to Tahoe 26.3 contain an improper permissions restriction that allows local applications to read sensitive user data without authorization. A threat actor with local access could exploit this vulnerability to exfiltrate protected information. A patch is currently unavailable for affected systems.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20624 MEDIUM This Month

Improper input validation in macOS Sequoia, Tahoe, and Sonoma allows local applications to access sensitive user data through an injection attack that requires user interaction. An attacker with a malicious app could exploit this vulnerability to read confidential information on affected systems. No patch is currently available for this medium-severity issue.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20619 MEDIUM This Month

macOS applications can access sensitive user data through insufficient log data redaction in Sequoia 15.7.3 and earlier, and Tahoe 26.2 and earlier. A local attacker with user interaction can exploit this information disclosure vulnerability to read confidential information that should be protected. No patch is currently available for this vulnerability.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20612 MEDIUM This Month

Unauthorized data access in macOS Sequoia, Tahoe, and Sonoma allows locally-installed applications to read sensitive user information due to insufficient privacy validation checks. An attacker with the ability to install or control an application on an affected system can exploit this to access confidential data without user consent. A patch is currently unavailable for this medium-severity vulnerability.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43403 MEDIUM This Month

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]

Apple Authentication Bypass
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20655 MEDIUM This Month

Sensitive information disclosure in Apple iOS and iPadOS results from improper state management in authorization checks, allowing an attacker with physical access to a locked device to view confidential user data. The vulnerability affects multiple iOS and iPadOS versions and currently lacks an available patch. Local privilege or device access is required, making this a risk primarily to users whose devices may be physically compromised.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20625 MEDIUM This Month

Improper path validation in macOS and visionOS allows local attackers with user interaction to read sensitive user data through directory path manipulation. The vulnerability affects macOS Sequoia 15.7.3 and earlier, macOS Sonoma 14.8.3 and earlier, macOS Tahoe 26.2 and earlier, and visionOS 26.2 and earlier. No patch is currently available.

Apple Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-10912 MEDIUM This Month

Saastech Cleaning and Internet Services Inc. TemizlikYolda is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2322 MEDIUM PATCH This Month

Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).

Google Chrome Red Hat Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-12575 MEDIUM This Month

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. [CVSS 5.4 MEDIUM]

Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-25935 MEDIUM PATCH This Month

Cross-site scripting (XSS) in Vikunja prior to version 1.1.0 allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by injecting malicious code into task descriptions that are rendered without sanitization in hover tooltips. An attacker can exploit this by sharing a project and creating a specially crafted task that triggers the vulnerability when other users hover over it. A patch is available in version 1.1.0 and later.

XSS Vikunja Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-64074 MEDIUM This Month

logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 is affected by path traversal (CVSS 5.3).

Industrial
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-68663 MEDIUM This Month

Outline is a service that allows for collaborative documentation. [CVSS 5.3 MEDIUM]

Authentication Bypass Outline
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-20673 MEDIUM This Month

Mail content filtering bypass in Apple macOS, iOS, and iPadOS allows remote content to load in message previews despite user-disabled remote content settings. An attacker can exploit this logic flaw to track user engagement or deliver malicious content that bypasses the intended privacy protection. Patches are available in macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, and macOS Sonoma 14.8.4.

Apple Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1833 MEDIUM This Month

The WaMate Confirm Order Confirmation WordPress plugin through version 2.0.1 fails to enforce proper authorization checks, allowing authenticated subscribers and higher-privileged users to manipulate phone number blocking settings that should be restricted to administrators. This improper access control vulnerability enables low-privileged attackers to disrupt phone number management functionality without administrative consent.

WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20682 MEDIUM This Month

Deleted notes on affected Apple iOS and iPadOS devices remain accessible due to improper state management, allowing unauthenticated remote attackers to discover sensitive deleted content without user interaction. This information disclosure vulnerability affects iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5, with no patch currently available for earlier versions.

Apple Information Disclosure iOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20676 MEDIUM PATCH This Month

Safari web extensions on Apple platforms can leak user tracking information due to inadequate state management controls, allowing websites to identify and monitor individual users across browsing sessions. This vulnerability affects iOS, iPadOS, macOS, and visionOS, and is resolved in version 26.3 of each platform. The low CVSS score reflects limited direct user impact, though it represents a privacy concern for Safari users.

Apple Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26031 MEDIUM This Month

Frappe Learning Management System versions prior to 2.44.0 contain an information disclosure vulnerability that allows unauthenticated attackers to enumerate enrolled student email addresses from course batches. The flaw stems from improper access controls (CWE-863) that fail to restrict visibility of sensitive enrollment data to authorized users only. An attacker can exploit this over the network without authentication to obtain a complete roster of student contact information.

Authentication Bypass Learning
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2295 MEDIUM This Month

Unauthenticated attackers can extract protected post metadata from WordPress sites running WPZOOM Addons for Elementor plugin version 1.3.2 and earlier due to missing capability validation in an AJAX function. The vulnerability enables disclosure of draft, future, and pending post titles and excerpts that should remain hidden from anonymous users. No patch is currently available.

WordPress Zoom
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66274 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-25868 MEDIUM This Month

Reflected XSS in MiniGal Nano 0.3.5 and earlier allows unauthenticated remote attackers to inject malicious scripts through the dir parameter in index.php, enabling arbitrary JavaScript execution in victim browsers. The vulnerability stems from insufficient output encoding when constructing error messages with user-supplied input. No patch is currently available for affected installations.

PHP XSS Minigal Nano
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-58466 MEDIUM This Month

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. [CVSS 4.9 MEDIUM]

Qnap Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54161 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. [CVSS 4.9 MEDIUM]

Denial Of Service File Station
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-59386 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54163 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Null Pointer Dereference File Station
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-47205 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54162 MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]

Path Traversal File Station
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-58472 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Null Pointer Dereference Qsync Central
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-58471 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. [CVSS 4.9 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-57711 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. [CVSS 4.9 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-57710 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. [CVSS 4.9 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-54155 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. [CVSS 4.9 MEDIUM]

Denial Of Service File Station
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-26079 MEDIUM PATCH This Month

Roundcube Webmail versions up to 1.5.13 is affected by inclusion of functionality from untrusted control sphere (CVSS 4.7).

RCE Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-20674 MEDIUM This Month

iOS and iPadOS devices expose sensitive user information to attackers with physical access to locked devices due to improper data handling in the system. The vulnerability allows unauthorized viewing of confidential information without requiring authentication or user interaction. Apple patched this information disclosure flaw in iOS 26.3 and iPadOS 26.3.

Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20640 MEDIUM This Month

iPhone Mirroring in iOS and iPadOS allows an attacker with physical device access to bypass UI protections and capture screenshots containing sensitive information that should remain hidden during the mirroring session. The vulnerability stems from insufficient state management in the user interface, enabling unauthorized viewing of private data on the iPhone while it is being mirrored to a Mac. No patch is currently available for this medium-severity issue.

Apple iOS Iphone Os Ipados
NVD
CVSS 3.1
4.6
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy