Unauthorized data access in macOS Sequoia, Tahoe, and Sonoma allows locally-installed applications to read sensitive user information due to insufficient privacy validation checks. An attacker with the ability to install or control an application on an affected system can exploit this to access confidential data without user consent. A patch is currently unavailable for this medium-severity vulnerability.
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]
Sensitive information disclosure in Apple iOS and iPadOS results from improper state management in authorization checks, allowing an attacker with physical access to a locked device to view confidential user data. The vulnerability affects multiple iOS and iPadOS versions and currently lacks an available patch. Local privilege or device access is required, making this a risk primarily to users whose devices may be physically compromised.
Improper path validation in macOS and visionOS allows local attackers with user interaction to read sensitive user data through directory path manipulation. The vulnerability affects macOS Sequoia 15.7.3 and earlier, macOS Sonoma 14.8.3 and earlier, macOS Tahoe 26.2 and earlier, and visionOS 26.2 and earlier. No patch is currently available.
Saastech Cleaning and Internet Services Inc. TemizlikYolda is affected by authorization bypass through user-controlled key (CVSS 5.4).
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. [CVSS 5.4 MEDIUM]
Cross-site scripting (XSS) in Vikunja prior to version 1.1.0 allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by injecting malicious code into task descriptions that are rendered without sanitization in hover tooltips. An attacker can exploit this by sharing a project and creating a specially crafted task that triggers the vulnerability when other users hover over it. A patch is available in version 1.1.0 and later.
logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 is affected by path traversal (CVSS 5.3).
Outline is a service that allows for collaborative documentation. [CVSS 5.3 MEDIUM]
Mail content filtering bypass in Apple macOS, iOS, and iPadOS allows remote content to load in message previews despite user-disabled remote content settings. An attacker can exploit this logic flaw to track user engagement or deliver malicious content that bypasses the intended privacy protection. Patches are available in macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, and macOS Sonoma 14.8.4.
The WaMate Confirm Order Confirmation WordPress plugin through version 2.0.1 fails to enforce proper authorization checks, allowing authenticated subscribers and higher-privileged users to manipulate phone number blocking settings that should be restricted to administrators. This improper access control vulnerability enables low-privileged attackers to disrupt phone number management functionality without administrative consent.
Deleted notes on affected Apple iOS and iPadOS devices remain accessible due to improper state management, allowing unauthenticated remote attackers to discover sensitive deleted content without user interaction. This information disclosure vulnerability affects iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5, with no patch currently available for earlier versions.
Safari web extensions on Apple platforms can leak user tracking information due to inadequate state management controls, allowing websites to identify and monitor individual users across browsing sessions. This vulnerability affects iOS, iPadOS, macOS, and visionOS, and is resolved in version 26.3 of each platform. The low CVSS score reflects limited direct user impact, though it represents a privacy concern for Safari users.
Frappe Learning Management System versions prior to 2.44.0 contain an information disclosure vulnerability that allows unauthenticated attackers to enumerate enrolled student email addresses from course batches. The flaw stems from improper access controls (CWE-863) that fail to restrict visibility of sensitive enrollment data to authorized users only. An attacker can exploit this over the network without authentication to obtain a complete roster of student contact information.
Unauthenticated attackers can extract protected post metadata from WordPress sites running WPZOOM Addons for Elementor plugin version 1.3.2 and earlier due to missing capability validation in an AJAX function. The vulnerability enables disclosure of draft, future, and pending post titles and excerpts that should remain hidden from anonymous users. No patch is currently available.
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]
Reflected XSS in MiniGal Nano 0.3.5 and earlier allows unauthenticated remote attackers to inject malicious scripts through the dir parameter in index.php, enabling arbitrary JavaScript execution in victim browsers. The vulnerability stems from insufficient output encoding when constructing error messages with user-supplied input. No patch is currently available for affected installations.
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. [CVSS 4.9 MEDIUM]
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. [CVSS 4.9 MEDIUM]
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. [CVSS 4.9 MEDIUM]
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. [CVSS 4.9 MEDIUM]
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. [CVSS 4.9 MEDIUM]
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. [CVSS 4.9 MEDIUM]
Roundcube Webmail versions up to 1.5.13 is affected by inclusion of functionality from untrusted control sphere (CVSS 4.7).
iOS and iPadOS devices expose sensitive user information to attackers with physical access to locked devices due to improper data handling in the system. The vulnerability allows unauthorized viewing of confidential information without requiring authentication or user interaction. Apple patched this information disclosure flaw in iOS 26.3 and iPadOS 26.3.
iPhone Mirroring in iOS and iPadOS allows an attacker with physical device access to bypass UI protections and capture screenshots containing sensitive information that should remain hidden during the mirroring session. The vulnerability stems from insufficient state management in the user interface, enabling unauthorized viewing of private data on the iPhone while it is being mirrored to a Mac. No patch is currently available for this medium-severity issue.
macOS devices running Sequoia 15.7.3 and earlier or Tahoe 26.2 and earlier contain an authorization bypass that permits an attacker with physical access to a locked device to view sensitive user information through improper state management. This vulnerability affects all macOS users and carries a MEDIUM severity rating with no available patch at this time. The flaw requires direct device access and does not enable code execution or system modification.
iOS and iPadOS devices with physical access vulnerabilities allow attackers to bypass authorization controls and access sensitive user information on locked devices through improper state management. The flaw affects multiple iOS versions including 18.7.5 and earlier, requiring only physical access to the device with no user interaction or elevated privileges. Apple has issued patches in iOS 26.3 and iPadOS 26.3, though updates for earlier versions (iOS 18.7.5 and iPadOS 18.7.5) are also available.
Information disclosure on locked iOS and iPadOS devices stems from improper UI state management, allowing an attacker with physical device access to view sensitive user data. The vulnerability affects multiple Apple mobile OS versions and currently lacks a public patch, though fixes are available in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5.
GitLab CE/EE versions 18.8 before 18.8.4 allow authenticated developers to obscure file modifications from the web interface through specially crafted changes. This vulnerability enables users with developer privileges to conceal their code alterations from visibility and review, potentially bypassing transparency controls. Currently no patch is available, and the issue requires user interaction to exploit.
System process denial of service affecting Apple macOS, iOS, and iPadOS through improper memory handling allows local attackers with physical access to crash critical system processes. The vulnerability impacts multiple recent OS versions including macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and newer releases, with patches available for affected users. This could enable attackers to disrupt system stability and availability on vulnerable Apple devices.
Stored XSS in WordPress Category Image plugin through version 2.0 allows authenticated users with Editor access or higher to inject malicious scripts via the tag-image parameter due to insufficient input validation. When other users view affected pages, the injected scripts execute in their browsers, potentially enabling session hijacking, credential theft, or site defacement. No patch is currently available.
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.4 MEDIUM]
Root-privileged applications on macOS can bypass information redaction mechanisms to access sensitive user data due to inadequate access controls. This affects macOS Tahoe 26.3 and earlier versions, allowing a malicious or compromised privileged app to read private information that should be protected. No patch is currently available for this vulnerability.
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.4 MEDIUM]
Memory handling vulnerabilities across Apple's macOS, iOS, and iPadOS platforms allow local attackers to trigger denial-of-service conditions or leak sensitive memory contents by processing specially crafted files. The vulnerability requires user interaction and local access, affecting multiple OS versions with patches available across the Apple ecosystem. CVSS 4.4 (Medium) severity reflects the limited attack surface and lack of remote exploitability.
The WPlyr Media Block plugin for WordPress through version 1.3.0 contains a stored cross-site scripting vulnerability in the '_wplyr_accent_color' parameter due to inadequate input sanitization, allowing authenticated administrators to inject malicious scripts that execute in other users' browsers. This requires high-privilege access and manual user interaction but impacts site integrity and user security across affected pages.
Denial of service affecting Apple's macOS, iOS, iPadOS, watchOS, tvOS, and visionOS results from a memory handling flaw that crashes processes when parsing malicious web content. An unauthenticated remote attacker can trigger unexpected application termination through crafted web pages, requiring only user interaction to visit a malicious site. A patch is not currently available for this medium-severity vulnerability.
Cipace versions up to 9.17 contains a vulnerability that allows attackers to bypass a protection mechanism (CVSS 4.3).
Gitlab versions up to 18.6.6 is affected by authorization bypass through user-controlled key (CVSS 4.3).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. [CVSS 4.3 MEDIUM]
The Invoct PDF Invoices & Billing for WooCommerce plugin through version 1.6 fails to enforce capability checks, allowing authenticated Subscriber-level users to access sensitive data including invoice details, client information, and WordPress user email addresses. This privilege escalation vulnerability affects all WordPress installations using the affected plugin versions and has no available patch.
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. [CVSS 4.3 MEDIUM]
Statamic versions prior to 5.73.6 and 6.2.5 allow authenticated users without asset viewing permissions to download and access asset metadata through improper access controls. Only users with valid control panel access can exploit this vulnerability, as logged-out users are unaffected. A patch is available in the fixed versions.