Skip to main content

CWE-1264

Hardware Logic with Insecure De-Synchronization between Control and Data Channels

3 CVEs Avg CVSS 7.2 MITRE
0
CRITICAL
2
HIGH
1
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-43713 MEDIUM PATCH This Month

Sensitive data leakage in Apple Safari, iOS/iPadOS, and macOS Tahoe before version 26.5.2 exposes users to cross-site data disclosure when visiting a malicious or compromised website. The root cause is a permissions enforcement deficiency (CWE-1264) that allows a web context to access data beyond its intended permission boundary. No active exploitation has been confirmed by CISA KEV, and the EPSS score of 0.17% (6th percentile) indicates low observed exploitation probability at time of analysis; however, the unauthenticated, low-complexity network vector makes this a realistic target for drive-by attacks once details become public.

Apple Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-21823 HIGH This Week

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-41588 HIGH This Week

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Sensitive data leakage in Apple Safari, iOS/iPadOS, and macOS Tahoe before version 26.5.2 exposes users to cross-site data disclosure when visiting a malicious or compromised website. The root cause is a permissions enforcement deficiency (CWE-1264) that allows a web context to access data beyond its intended permission boundary. No active exploitation has been confirmed by CISA KEV, and the EPSS score of 0.17% (6th percentile) indicates low observed exploitation probability at time of analysis; however, the unauthenticated, low-complexity network vector makes this a realistic target for drive-by attacks once details become public.

Apple Information Disclosure Ios And Ipados
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy