Apple
Monthly
Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain root execution by replacing co-located auxiliary binaries that the multipassd LaunchDaemon invokes via a user-writable PATH directory. The flaw is an incomplete remediation of CVE-2025-5199: while 1.16.0 corrected ownership of the multipassd binary itself, five sibling binaries (multipass, qemu-img, qemu-system-aarch64, qemu-system-x86_64, sshfs_server) were left owned by the installing user and writable, enabling binary planting. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
{ timer_delete_sync(...); put_device(...); } hid_hw_close(hdev); hid_hw_stop(hdev); Even after Window A is closed, hid_hw_close()/hid_hw_stop() still run afterwards, so a late ".event" callback from the HID core (USB URB completion on real Apple hardware) can arrive after timer_delete_sync() drained the softirq but before put_device() drops the reference. That callback reaches reset_inactivity_timer(), which calls mod_timer() and re-arms the timer. The freshly re-armed timer can then fire on the about-to-be-freed backlight_device. Both windows produce the same KASAN slab-use-after-free: BUG: KASAN: slab-use-after-free in __mutex_lock+0x1aab/0x21c0 Read of size 8 at addr ffff88803ee9a108 by task swapper/0/0 Call Trace: <IRQ> __mutex_lock backlight_device_set_brightness appletb_inactivity_timer call_timer_fn run_timer_softirq handle_softirqs Allocated by task N: devm_backlight_device_register appletb_bl_probe Freed by task M: (concurrent hid_appletb_bl unbind path) Close both windows at once by reworking the tear-down in appletb_kbd_remove() and in the probe close_hw error path so that 1) hid_hw_close()/hid_hw_stop() run before the backlight cleanup, guaranteeing no further .event callback can fire and re-arm the timer, and 2) inside the "if (kbd->backlight_dev)" block, timer_delete_sync() runs before put_device(), so the softirq is drained before the final reference is dropped.
Stripe payment processing can be permanently disabled on any WooCommerce store running the PeachPay plugin through version 1.120.46 by an unauthenticated attacker who successfully social-engineers a logged-in site administrator. The vulnerability stems from missing nonce validation on the peachpay_stripe_handle_admin_actions function, allowing a forged cross-site request to irreversibly wipe all Stripe credentials - publishable keys, secret keys, webhook secrets, and Apple Pay configuration - from the WordPress database. No public exploit code or CISA KEV listing has been identified at time of analysis, but the CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms the attack is network-exploitable at low complexity requiring only one user-interaction step.
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config permission inject arbitrary SQL through the custom-report column-config endpoint, which concatenates user-supplied 'sql', 'from', and 'where' fields directly into a query executed via Doctrine's fetchAssociative(). Because the controller returns raw database error messages in its JSON response, attackers can perform error-based extraction (e.g. EXTRACTVALUE) to read credentials and arbitrary tables, and can bypass the keyword denylist using inline /**/ comments to reach UPDATE/INSERT/DELETE - compromising confidentiality and integrity. Publicly available exploit code exists (a full PoC is published in the GitHub advisory); no CISA KEV listing or EPSS score is present in the provided data.
Improper access control in Apple macOS (all versions before Tahoe 26) allows a locally installed application running with standard user privileges to access sensitive user data beyond its authorized scope. The root cause - a faulty permissions enforcement code path - was remediated by removing the vulnerable code entirely in macOS Tahoe 26. No public exploit identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.
Improper access control in Apple macOS allows a locally-executed app to read sensitive user data by exploiting a logic flaw in system-level restrictions. Affected are all macOS versions prior to Tahoe 26, per the CPE data and EUVD-2025-209943. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires no user interaction once an app is running under low privileges, and the confidentiality impact is rated High. No public exploit code exists and this vulnerability is not confirmed actively exploited (CISA KEV).
Out-of-bounds read in Apple macOS (all versions prior to macOS Tahoe 26) allows a locally authenticated, low-privileged application to trigger unexpected system termination, constituting a local denial-of-service condition. The root cause is insufficient bounds checking in a macOS component, addressed by Apple in macOS Tahoe 26. No public exploit code exists and this vulnerability is not listed in CISA KEV, though a vendor-confirmed patch is available.
Improper authorization in Apple macOS allows a locally-installed malicious application to access sensitive user data without proper entitlement checks. Affected releases span three macOS generations: Sequoia (prior to 15.7), Sonoma (prior to 14.8), and the forthcoming Tahoe (prior to 26). The flaw stems from a logic issue in access validation, meaning apps lacking legitimate permissions can bypass gating controls to read protected data. No public exploit code or CISA KEV listing has been identified at time of analysis.
Incorrect permission assignment (CWE-732) in Apple macOS allows a locally-running app to modify protected parts of the file system without authorization. Affected are macOS Sonoma prior to 14.8, macOS Sequoia prior to 15.7, and macOS Tahoe prior to 26, covering three active macOS release trains simultaneously. The CVSS vector (AV:L/AC:L/PR:L/UI:N, I:H) confirms that a low-privileged local app can achieve high-integrity writes to restricted file system regions with no user interaction required; no public exploit has been identified at time of analysis.
Local privilege escalation in Apple macOS allows a malicious or compromised application to win a race condition (CWE-362) and elevate from a normal user context to root. The flaw affects macOS releases prior to Sequoia 15.7 and Tahoe 26, was reported by Apple itself, and is resolved by additional validation in the patched builds. No public exploit has been identified at time of analysis, and the CVSS 7.0 rating reflects high attack complexity tied to reliably hitting the timing window.
Local privilege escalation in Apple macOS allows a malicious app already running with low privileges to elevate to root by exploiting a logic flaw (improper privilege management) that was resolved with additional validation checks. The flaw affects macOS Sonoma before 14.8, macOS Sequoia before 15.7, and macOS Tahoe before 26, and was reported by Apple itself. There is no public exploit identified at time of analysis and no EPSS or KEV signal was provided, indicating no confirmed active exploitation.
Arbitrary code execution in Docker Desktop's Model Runner on macOS allows any container on the Docker network to escape to the host by serving a malicious model whose config.json points model_file at a Python file. The MLX inference backend uses MLX-LM's importlib-based loader with no trust_remote_code gate and no sandbox, so a pull-and-infer request to model-runner.docker.internal executes attacker code as the Docker Desktop user. No public exploit identified at time of analysis and KEV status is not indicated.
Arbitrary code execution in Docker Model Runner's vllm-metal inference backend on macOS allows any container on the Docker network to execute Python code on the host as the Docker Desktop user. The vllm-metal backend hardcodes trust_remote_code=True when loading tokenizers and runs unsandboxed, so any model pulled from an OCI registry can ship attacker-controlled Python that executes when inference is requested via the model-runner.docker.internal API. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Arbitrary command execution in IINA media player for macOS versions prior to 1.4.3 allows remote attackers to run shell commands as the logged-in user by tricking the victim into approving an iina://open URL containing malicious mpv_-prefixed parameters. Publicly available exploit code exists and a vendor patch has been released; exploitation requires a single browser protocol prompt approval (UI:A) but no authentication and no valid media file.
Path traversal in Mobile Verification Toolkit (MVT) pip/mvt versions through 2026.4.28 allows an adversary who delivers a crafted iOS backup to trigger arbitrary file writes or reads on the analyst's filesystem by embedding directory traversal sequences in fileID values within the backup's Manifest.db SQLite database. The decrypt-backup command can write attacker-controlled content to arbitrary writable paths - enabling shell profile modification or SSH key injection for code execution - while check-backup can read arbitrary host files into MVT's JSON and CSV forensic output. No public exploit has been identified at time of analysis; vendor-released patch v2026.5.12 is available.
Cross-origin read access to Algernon's SSE auto-refresh event server (versions ≤ 1.17.6) allows any web page visited by a developer to silently subscribe to the live file-change stream via a browser-native EventSource. The root cause is a hardcoded wildcard `Access-Control-Allow-Origin: *` response header in the dedicated SSE port activated by the `-a` flag, with no origin inspection or allow-list logic present in the vendored recwatch handler. No public exploit identified at time of analysis per KEV absence, though a complete working proof-of-concept - including exploit HTML and curl verification transcript - is published in GHSA-hw27-4v2q-5qff.
Algernon's auto-refresh SSE event server unintentionally exposes developer file-change streams to unauthenticated LAN peers on Linux and macOS due to a platform-dependent bind address default that was never intended to reach adjacent hosts. On non-Windows platforms, the SSE listener resolves to 0.0.0.0:5553 (all interfaces), while Windows correctly binds to 127.0.0.1:5553 - a silent asymmetry introduced in engine/flags.go that leaves developers on the most common Algernon platforms exposed whenever they work on shared networks. A publicly available proof-of-concept demonstrates that any host on the same subnet can enumerate project filenames and edit timing with a single unauthenticated curl command, with no developer interaction required; no public exploit identified at time of analysis rises to confirmed active exploitation (not in CISA KEV).
Trilium Notes Electron desktop application on macOS, versions 0.102.1 and prior, permits local attackers to spoof macOS Transparency, Consent, and Control (TCC) permission prompts by exploiting the enabled RunAsNode Electron fuse, which allows arbitrary Node.js code to execute under Trilium's trusted identity. An attacker with local code execution can spawn a subprocess inheriting Trilium's macOS identity and then request TCC-protected resources - camera, microphone, screen, ~/Documents, ~/Downloads - causing the system prompt to appear as if the legitimate Trilium Notes app is requesting access, not the attacker. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, the social-engineering angle makes it particularly dangerous for macOS users who extend implicit trust to Trilium. Version 0.102.2 resolves the issue by disabling the RunAsNode fuse.
Denial of service in dasel (Go data selector library) versions 3.0.0 through 3.10.0 allows attackers who control selector query strings to pin a CPU core at 100% indefinitely via a 2-byte payload (`r/`). The selector lexer's `matchRegexPattern` closure lacks an end-of-input bounds check, causing an infinite loop when tokenizing unterminated regex literals. No public exploit identified at time of analysis beyond the reporter's PoC, and the issue is not listed in CISA KEV.
Denial of service in dasel (Go data selector library) v3.0.0 through v3.10.0 allows attackers who influence selector query strings to crash the host process via a 2-byte input. A trailing backslash inside a quoted selector (e.g., `"\` or `'\`) triggers an index-out-of-range panic in the lexer's escape-sequence handler. Publicly available exploit code exists (PoC in the GHSA advisory), and no public exploit identified at time of analysis indicates in-the-wild abuse.
Path traversal in go-git allows crafted repository payloads to write files outside the intended checkout directory, including into the repository's .git directory and parent paths. The vulnerability stems from go-git failing to implement path validation checks that upstream Git adopted years ago, creating a drift-induced security gap across all supported platforms - with additional platform-specific attack vectors affecting Windows and macOS users distinctly. CVSS scores this at 5.4 medium with no public exploit identified at time of analysis and no CISA KEV listing, but the real-world risk is elevated in automated pipelines or developer tooling that processes untrusted repositories without human review.
Firefox for iOS Reader mode exposed an unauthenticated local HTTP server on the device, enabling a co-installed malicious application to request arbitrary URLs through that server and receive responses rendered with the authenticated user's session cookies. Affected versions are all Firefox for iOS releases prior to 151.0, confirmed by Mozilla Security Advisory MFSA2026-49. No public exploit code has been identified and CISA SSVC rates exploitation as none at time of analysis, but successful exploitation would allow silent exfiltration of authenticated web content from the victim's active browsing session.
Local privilege escalation in Mullvad VPN for macOS versions 2026.1 and earlier allows a user in the admin group to gain root code execution during installation or upgrade. The installer's preinstall script executes binaries from /Applications/Mullvad VPN.app without verifying the bundle's integrity, enabling an admin-group attacker to pre-stage a malicious app bundle that runs as root. No public exploit identified at time of analysis, and the flaw is only triggerable when an installer is run, not on already-installed systems.
Off-host request forgery in the Faraday Ruby HTTP client library (versions 2.0.0-2.14.1) allows a remote unauthenticated attacker who can influence the per-request target to redirect HTTP requests - along with connection-scoped `Authorization` headers - to an arbitrary attacker-controlled host. This is a bypass of the February 2026 patch for CVE-2026-25765 (GHSA-33mh-2634-fwr2): the prior fix sanitized `String` inputs to `Faraday::Connection#build_exclusive_url` but failed to handle `URI` objects, which Ruby's URI parser resolves differently. Publicly available exploit code (proof-of-concept) exists and was independently confirmed against an external HTTP collector, demonstrating real-world credential exfiltration.
Open WebUI versions up to 0.8.8 expose admin-configured system prompts to authenticated regular (non-admin) users through the /api/models API endpoint, allowing information disclosure of sensitive model instructions and internal configuration details. The vulnerability requires valid user authentication but no administrative privileges, enabling any authenticated user to retrieve confidential system prompts via a simple HTTP GET request. This is confirmed actively exploited in production deployments with a publicly available proof-of-concept.
Out-of-bounds memory read in Google Chrome on iOS versions before 148.0.7778.168 enables remote attackers to access sensitive memory contents through a compromised renderer process. The vulnerability requires user interaction to visit a malicious webpage and exploitation of a prior renderer compromise. With EPSS at 0.03% and no known active exploitation, this represents a moderate risk primarily in targeted attack chains.
Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CSS injection in mistune's Image directive plugin allows unauthenticated remote attackers to inject arbitrary CSS properties via the :width: or :height: options in fenced image directives, enabling full-page phishing overlays and UI redressing attacks. The vulnerability stems from a prefix-only regex validation (_num_re.match() with no end-of-string anchor) that accepts values like '100vw;position:fixed;background-color:#e11d48;...' and renders them unescaped into style= attributes. Confirmed fixed in v3.2.1; publicly available proof-of-concept demonstrates full-viewport colored overlay generation from a single malicious :width: directive.
Cross-site scripting (XSS) vulnerability in mistune's render_toc_ul() function allows attackers to inject arbitrary HTML and JavaScript into table-of-contents output by crafting malicious heading IDs. When heading identifiers are derived from user-supplied text (standard practice for readable slug anchors), an attacker can break out of the href attribute context with a payload like `x"><script>alert(document.cookie)</script><a href="`, causing the script block to execute in the rendered TOC. The vulnerability requires user interaction (UI:R) to view the poisoned TOC but affects all users of the generated page. Vendor-released patch available in mistune 3.2.1.
OS command injection in Fleet's software installer pipeline allows arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when a specially crafted software package is uninstalled. The vulnerability exists because package metadata fields are not sanitized before being incorporated into auto-generated uninstall scripts. An attacker with the ability to upload packages to Fleet can exploit this by embedding malicious commands in package metadata fields, resulting in code execution with elevated privileges when endpoints execute the uninstall operation. Patch version 4.81.1 available.
Remote unauthenticated attackers can crash Klever-Go blockchain validators by sending a single 48 KiB compressed gossip packet that decompresses to multi-gigabyte allocations, killing the process via out-of-memory condition. The vulnerability in Batch.Decompress performs unbounded gzip decompression before anti-flood checks execute, enabling a single malicious peer to OOM-kill validators and disrupt chain liveness. Proof-of-concept demonstrates 45,604× amplification (48 KiB wire → 2.1 GiB heap). No public exploit identified at time of analysis, but vendor confirms internal discovery and patch development in progress.
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be able to gain root privileges.
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service.
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
Buffer overflow in macOS allows remote unauthenticated attackers to cause system crashes and denial of service without user interaction. Affects macOS Sequoia versions prior to 15.7.7 and macOS Tahoe versions prior to 26.5. Apple has released patches addressing the vulnerability through improved bounds checking. Despite network-based attack vector and low complexity (CVSS 7.5), EPSS score of 0.05% (15th percentile) indicates minimal observed exploitation activity, and CISA SSVC framework confirms no active exploitation detected. Automatable attack path suggests potential for scanning-based campaigns if exploited.
Sandbox escape vulnerability in Apple operating systems allows malicious apps with low privileges to break out of application sandbox and execute code with elevated privileges on the host system. Affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms. EPSS score of 0.02% (7th percentile) indicates low probability of mass exploitation in the wild, though the CVSS 8.8 score reflects significant potential impact if successfully weaponized. No active exploitation confirmed at time of analysis.
Type confusion vulnerability in Apple's operating systems allows remote unauthenticated attackers to trigger denial of service across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches addressing the issue in iOS/iPadOS 18.7.9 and 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. The CVSS vector indicates network-accessible exploitation with low complexity and no privileges required, though EPSS score of 0.13% (32nd percentile) suggests relatively low likelihood of widespread exploitation. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Process memory corruption in Apple's image processing subsystem across iOS, iPadOS, macOS, tvOS, and visionOS allows remote attackers to extract confidential data from process memory via crafted images. The vulnerability affects all Apple operating systems prior to their respective May 2026 security updates. CVSS vector indicates network-based, unauthenticated exploitation requiring no user interaction beyond processing the image, though the CVSS score focuses on confidentiality impact (C:H) with no integrity or availability impact. EPSS score of 0.02% suggests low observed exploitation likelihood, with no CISA KEV listing or public POC identified at time of analysis. Apple has released patches across all affected platforms.
The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process.
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Memory corruption in Apple operating systems allows remote attackers to trigger unexpected app termination or corrupt process memory by delivering a maliciously crafted media file to users, requiring user interaction to open the file. Affects iOS/iPadOS 26.4 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. No public exploit identified at time of analysis; vendor-released patches are available across all affected platforms.
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen.
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
A use-after-free vulnerability in Apple's Wi-Fi stack allows attackers in a privileged network position to cause denial-of-service via crafted Wi-Fi packets. The vulnerability affects iOS and iPadOS versions prior to 26.5 and 18.7.9, macOS versions prior to 26.5, 15.7.7, and 14.8.7, and tvOS, watchOS versions prior to 26.5. Exploitation requires adjacent network access and specific radio conditions (AC:H) but results in high availability impact with no active public exploitation identified.
Remote attackers can crash Apple devices or corrupt kernel memory without authentication via a use-after-free vulnerability affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches across eight separate security bulletins (HT127110-127120) fixing this memory management flaw in all supported OS versions. EPSS score of 0.10% (28th percentile) suggests low exploitation probability despite the network-accessible attack vector and lack of authentication requirements. No active exploitation or public POC identified at time of analysis.
macOS Tahoe allows applications to access protected user data due to insufficient permission enforcement on system APIs. The vulnerability affects all macOS versions prior to 26.5 and is tagged as an authentication bypass, indicating apps can circumvent permission prompts or system restrictions to read sensitive data without user consent. While not yet actively exploited (EPSS 0.01%, no CISA KEV listing), the CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the local application context described, suggesting potential network-accessible component or misclassified attack vector requiring vendor clarification.
High confidentiality information disclosure across Apple's ecosystem (iOS, iPadOS, macOS, visionOS) allows remote unauthenticated attackers to extract sensitive data by delivering a maliciously crafted file. The vulnerability affects all current Apple operating systems and was fixed in March 2026 security updates (iOS/iPadOS 18.7.9/26.5, macOS 14.8.7/26.5, visionOS 26.5). Despite CVSS 7.5 HIGH rating and network attack vector requiring no privileges, EPSS exploitation probability is very low at 0.02% (5th percentile), suggesting minimal real-world risk. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.
Apps on iOS and iPadOS can bypass App Privacy Report logging due to insufficient entitlement checks, allowing malicious applications to conceal their privacy-invasive activities from users. Fixed in iOS/iPadOS 18.7.9 and 26.4. The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the actual attack requirements, as exploitation requires a malicious app already installed on the device, not remote network access. Despite the 7.5 CVSS score, EPSS exploitation probability is very low (0.02%, 5th percentile), no active exploitation is confirmed, and no public exploit code identified at time of analysis.
Physical access to a locked macOS Tahoe device prior to version 26.5 allows an attacker to view sensitive user information without authentication. The vulnerability has a low EPSS score (0.02%, 6th percentile) and CISA assesses it as non-exploitable in the wild (SSVC exploitation: none), indicating this is a low-probability real-world threat despite the confidentiality impact rating. The fix is available in macOS Tahoe 26.5.
Improper bounds checking in Apple operating systems allows processing of maliciously crafted files to cause unexpected application termination (denial of service) on iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability affects multiple major OS versions and requires local file processing without user interaction, but has extremely low real-world exploitation probability (EPSS 0.02%) despite moderate CVSS score.
Information leakage in Apple operating systems allows remote attackers to extract sensitive data by crafting and hosting malicious websites that users visit. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Exploitation requires user interaction (UI:R) to visit a malicious website but does not require authentication, with an EPSS score of 0.03 percent indicating low real-world exploitation probability despite the information disclosure impact.
Local authenticated apps bypass user consent mechanisms to access sensitive user data across iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. The vulnerability allows malicious or compromised applications running with standard user privileges to exfiltrate protected information without triggering the expected permission prompts. Apple has patched this by implementing an additional consent verification layer, though the low EPSS score (0.02%) suggests real-world exploitation remains limited.
Null pointer dereference in Apple operating systems (iOS, iPadOS, macOS Tahoe, tvOS) allows local network attackers to cause denial of service by sending crafted input that bypasses validation. The vulnerability affects all versions prior to iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5. No code execution or data compromise is possible; impact is limited to availability disruption on affected devices.
A race condition in Apple operating systems allows authenticated local attackers to access sensitive user data with high complexity exploitation. The vulnerability affects iOS 18.7.9 and earlier, iPadOS 18.7.9 and earlier, iOS 26.5 and earlier, iPadOS 26.5 and earlier, macOS Sequoia 15.7.7 and earlier, macOS Sonoma 14.8.7 and earlier, macOS Tahoe 26.5 and earlier, and visionOS 26.5 and earlier. Vendor-released patches are available, and exploitation requires local access with user-level privileges and high technical complexity. The EPSS score of 0.02% and absence from active exploitation databases indicate low real-world exploitation risk despite the high confidentiality impact.
Buffer overflow in Apple operating systems allows local unauthenticated users to cause unexpected system termination or read kernel memory without requiring user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions, with exploitation limited to local access. Vendor-released patches are available for all affected platforms, and EPSS scoring of 0.03% indicates exploitation remains unlikely despite the local attack vector.
Denial of service in Apple macOS prior to version 26.5 allows remote attackers to crash Safari via maliciously crafted web content that triggers a use-after-free memory condition. The vulnerability requires user interaction (opening a malicious webpage) but no authentication, affecting all macOS versions before 26.5. EPSS exploitation probability is very low at 0.02%, suggesting limited real-world attack incentive despite the crash capability.
Out-of-bounds read in Apple operating systems allows malicious applications to crash the system or leak kernel memory across iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5. The vulnerability requires local application execution but no user interaction, enabling information disclosure and denial-of-service attacks. Despite high CVSS 7.3 scoring, the EPSS probability is very low (0.02%, 5th percentile), indicating minimal observed exploitation activity. Vendor-released patches are available for all affected platforms.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.
Kernel memory disclosure vulnerability affects all major Apple operating systems through improper memory handling. Malicious apps can read sensitive kernel memory contents remotely without authentication (CVSS 7.5, AV:N). Apple has released patches across iOS/iPadOS (versions 18.7.9 and 26.5), macOS (Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5), tvOS 26.5, visionOS 26.5, and watchOS 26.5. Despite the network attack vector, EPSS score remains very low at 0.02% (7th percentile), suggesting limited real-world exploitation probability. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Insufficient permission enforcement in macOS Tahoe prior to 26.5 allows applications to bypass access controls and read protected user data without proper authorization. Apple addressed the vulnerability through hardened permission checks in version 26.5. EPSS probability indicates minimal observed exploitation activity (0.01%, 3rd percentile), and no public exploit code or CISA KEV listing exists at time of analysis, suggesting exploitation requires application-specific development effort rather than readily available tooling.
Denial-of-service vulnerability in iOS and iPadOS allows network-positioned attackers with high privileges to crash or degrade service availability through insufficient input validation. Apple addressed this with patches in iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, and iPadOS 26.4. EPSS score of 0.02% (5th percentile) indicates very low real-world exploitation probability despite CVSS score of 4.9.
Privacy bypass in Apple operating systems allows local authenticated apps to circumvent user-configured privacy restrictions through permission mishandling. The vulnerability affects iOS, iPadOS, macOS Tahoe, visionOS, and watchOS versions prior to 26.5. An attacker with local app execution privileges can access sensitive data classified as restricted by user privacy settings, though without authentication bypass or integrity compromise. Fixed in coordinated OS updates across Apple's ecosystem.
The issue was addressed with improved UI handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings.
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
Privilege escalation in Apple operating systems allows local authenticated applications to gain root privileges through an authorization flaw in state management. Affects multiple macOS versions (Sonoma, Sequoia, Tahoe) and iOS/iPadOS versions prior to patched releases. Apple has issued coordinated security updates across all affected platforms (iOS 18.7.9/26.5, iPadOS 18.7.9/26.5, macOS Sonoma 14.8.7, Sequoia 15.7.7, Tahoe 26.5). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation despite high CVSS 7.8, with no public exploit identified at time of analysis and no CISA KEV listing. The local attack vector requiring authenticated privileges substantially reduces immediate risk compared to network-based vulnerabilities.
IP address tracking across iOS, iPadOS, macOS, and visionOS allows remote attackers to correlate user activity without authentication due to improper state management (CWE-359: Exposure of Private Personal Information). The vulnerability affects default configurations across six Apple OS versions with network-accessible attack vector and low complexity. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity. Apple released coordinated patches across all affected platforms in March 2026 security updates.
Improper permissions checking in macOS before version 26.4 allows a malicious app with local user privileges to access arbitrary files without user interaction, potentially exposing sensitive data. The vulnerability has a low EPSS score (0.01%) and no confirmed active exploitation, making it a low-priority but real local privilege escalation risk for systems where untrusted applications may execute.
Use-after-free in WebKit allows remote attackers to trigger Safari crashes and potentially achieve arbitrary code execution across Apple's entire ecosystem (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) via maliciously crafted web content. Users must visit or be tricked into visiting a malicious webpage (UI:R). Despite CVSS 8.8 (High) with theoretical code execution impact (C:H/I:H/A:H), EPSS probability is extremely low (0.02%, 5th percentile), indicating minimal observed exploitation activity. No public exploit identified at time of analysis, and vendor patches are available across all platforms as of version 26.5.
Memory corruption in Safari's WebKit engine across all Apple platforms allows remote attackers to trigger information disclosure via maliciously crafted web content delivered through network-accessible attack vectors requiring no authentication or user interaction. Despite the vendor description focusing on crash scenarios, the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates high confidentiality impact with no availability impact, suggesting potential memory disclosure rather than denial of service. Patched in iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation despite network-accessible attack vector.
Memory corruption in Apple operating systems due to a race condition in locking mechanisms allows local authenticated attackers to cause unexpected app termination or potential denial of service. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Vendor-released patches are available across all affected platforms, with no public exploit identified at time of analysis.
Integer overflow in Apple operating systems allows remote unauthenticated attackers to crash devices via maliciously crafted input, causing denial of service through system termination. Affects iOS/iPadOS versions prior to 18.7.9, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, and macOS Tahoe prior to 26.5. Apple has released patches for all affected platforms. Despite the network attack vector and lack of authentication requirements (CVSS AV:N/PR:N), EPSS exploitation probability is very low at 0.02% (5th percentile), and no public exploits or active exploitation have been identified. Not listed in CISA KEV, suggesting limited real-world targeting.
Memory corruption in WebKit across Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS) allows remote attackers to access sensitive information via malicious web content. CVSS vector indicates network-based exploitation requiring no user interaction or authentication (AV:N/AC:L/PR:N/UI:N), contradicting the description's 'process crash' outcome with the High Confidentiality impact rating. EPSS score of 0.02% (5th percentile) suggests low real-world exploitation probability. Vendor patches available for all affected platforms (version 26.5). SSVC framework rates this as automatable with partial technical impact but no observed exploitation.
Local privilege escalation in macOS allows authenticated users with low-level access to gain root privileges through a permissions enforcement flaw. Affects macOS Tahoe (pre-26.4), Sequoia (pre-15.7.7), and Sonoma (pre-14.8.7). Apple has released patches for all affected versions. Despite CVSS 7.8, EPSS score of 0.01% indicates minimal observed exploitation activity. No public exploit code identified at time of analysis, though the local attack vector and low complexity suggest post-compromise utility rather than initial access vector.
Buffer overflow in Apple's image processing framework across iOS, iPadOS, macOS, tvOS, and watchOS allows remote attackers to cause denial of service through process memory corruption. Despite the CVSS 7.5 (High) rating and network attack vector, the vulnerability is rated low priority with only 2% EPSS exploitation probability (5th percentile), indicating minimal real-world threat activity. Apple has released patches in version 26.5 across all affected platforms. No active exploitation or public proof-of-concept has been identified at time of analysis.
WebKit memory corruption vulnerability allows remote attackers to trigger denial-of-service process crashes across Apple's entire operating system ecosystem (iOS, iPadOS, macOS, tvOS, watchOS) when processing maliciously crafted web content. Despite a CVSS score of 7.5 suggesting high confidentiality impact, the vendor description indicates only process crash (availability impact), representing a scoring discrepancy that requires clarification. No active exploitation confirmed (not in CISA KEV), EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and vendor patches released across all affected platforms in version 26.5.
Remote denial of service in Apple WebKit (iOS/iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5) allows unauthenticated network attackers to crash browser processes via maliciously crafted web content exploiting a memory handling flaw. CVSS 7.5 (High) reflects network-based attack with no authentication required, though impact is limited to availability (process crash). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. SSVC assessment confirms no active exploitation, but marks it as automatable, suggesting potential for future weaponization in drive-by attacks. Apple has released patches across all affected platforms.
Improper log data redaction across Apple's operating systems exposes sensitive kernel state to locally-installed applications. Vulnerable versions include iOS/iPadOS prior to 18.7.9 and 26.5, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, macOS Tahoe prior to 26.5, tvOS prior to 26.5, and watchOS prior to 26.5. Apple has released patches for all affected platforms addressing the CWE-532 (insertion of sensitive information into log file) weakness. The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the description of an app-based exploit, suggesting Apple's logging subsystem may be remotely queryable or the vector requires clarification. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity despite the high CVSS rating.
Out-of-bounds read in Apple operating systems allows remote unauthenticated denial-of-service via malicious application. Apple has patched this vulnerability across all affected platforms (iOS/iPadOS, macOS, tvOS, visionOS, watchOS) in version 26.5 releases. Despite CVSS 7.5 HIGH rating, exploitation probability remains low (EPSS 2%, 5th percentile) with no public exploit code identified and no CISA KEV listing. The vulnerability is impact-limited to availability (denial-of-service) with no confidentiality or integrity compromise, though tags indicate potential information disclosure concerns that warrant verification against vendor advisories.
Apple Mail on iOS, iPadOS, and macOS bypasses Lockdown Mode protections when replying to emails, allowing remote image loading that should be blocked. This information disclosure affects all supported Apple OS versions (iOS/iPadOS 18.x, macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x) prior to security updates released in early 2026. The vulnerability undermines a critical privacy protection for high-risk users, enabling email tracking and potential IP address disclosure despite Lockdown Mode activation. EPSS score of 0.02% suggests minimal automated exploitation likelihood, no public exploit or CISA KEV listing identified, though the attack complexity is rated low (CVSS AC:L).
Use-after-free in WebKit across Apple's entire operating system ecosystem enables remote information disclosure via malicious web content. Affects iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions prior to 26.5. The vulnerability allows network-based unauthenticated attackers to access high-value confidential information through crafted web pages, though the CVE description anomalously mentions process crash (availability impact) while the CVSS vector indicates confidentiality impact only. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) suggests low likelihood of imminent widespread exploitation despite the broad platform impact and network attack vector.
Malicious applications on iOS 26.5, iPadOS 26.5, and visionOS 26.5 can access sensitive user data due to inconsistent user interface state management. The vulnerability stems from UI state handling flaws (CWE-451) that allow apps to bypass expected data access controls. Apple has released patches in iOS/iPadOS 26.5 and visionOS 26.5. Despite a CVSS score of 7.5 (High), the EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability in the wild. No public exploit code or CISA KEV listing identified at time of analysis, suggesting this is primarily a platform-hardening fix rather than an actively targeted vulnerability.
Out-of-bounds write in Apple operating systems allows network-based unauthenticated attackers to corrupt kernel memory or cause denial of service without user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms, though the extremely low EPSS score (0.02%) suggests real-world exploitation risk is minimal despite the network attack vector.
Local attackers can modify Apple Keychain state across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS due to improper input validation (CWE-20). This affects all Apple operating systems prior to their respective April 2026 security updates. Despite a CVSS score of 7.5, exploitation requires local access with specific privileges (description states 'local attacker'), contradicting the CVSS vector's AV:N/PR:N rating. EPSS score of 0.02% (7th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis and not listed in CISA KEV. Vendor-released patches available across all platforms as of April 2026.
Buffer overflow in macOS kernel allows local applications to terminate the system or write to kernel memory, affecting macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x. Apple has released security updates patching this vulnerability. Despite the CVSS vector indicating network-based attack (AV:N), the description specifies 'an app may be able to' which confirms local application context, indicating a vector/description inconsistency. EPSS score of 0.02% (4th percentile) suggests low probability of mass exploitation, and no active exploitation or public POC identified at time of analysis.
Malicious applications on macOS Sequoia, Sonoma, and Tahoe can bypass user consent prompts to access the Contacts database through a race condition in symbolic link handling. Apple has patched this privacy control bypass in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5. Despite a network-based CVSS vector scoring 7.5 (High), the actual attack requires local application execution, indicating likely miscategorization in the metric. EPSS exploitation probability is very low (0.02%, 4th percentile) with no active exploitation or public POC identified at time of analysis.
Lock screen bypass in iOS and iPadOS versions prior to 26.5 allows unauthorized access to restricted content without authentication. Apple's security advisory HT227110 confirms the privacy issue affected lock screen content filtering mechanisms. Despite CVSS 7.5 scoring suggesting network exploitation, the vulnerability requires physical access to a locked device, creating a significant disparity between theoretical severity and practical attack surface. EPSS probability of 0.02% (5th percentile) indicates minimal observed exploitation attempts, and no CISA KEV listing or public exploit code exists at time of analysis.
Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain root execution by replacing co-located auxiliary binaries that the multipassd LaunchDaemon invokes via a user-writable PATH directory. The flaw is an incomplete remediation of CVE-2025-5199: while 1.16.0 corrected ownership of the multipassd binary itself, five sibling binaries (multipass, qemu-img, qemu-system-aarch64, qemu-system-x86_64, sshfs_server) were left owned by the installing user and writable, enabling binary planting. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
{ timer_delete_sync(...); put_device(...); } hid_hw_close(hdev); hid_hw_stop(hdev); Even after Window A is closed, hid_hw_close()/hid_hw_stop() still run afterwards, so a late ".event" callback from the HID core (USB URB completion on real Apple hardware) can arrive after timer_delete_sync() drained the softirq but before put_device() drops the reference. That callback reaches reset_inactivity_timer(), which calls mod_timer() and re-arms the timer. The freshly re-armed timer can then fire on the about-to-be-freed backlight_device. Both windows produce the same KASAN slab-use-after-free: BUG: KASAN: slab-use-after-free in __mutex_lock+0x1aab/0x21c0 Read of size 8 at addr ffff88803ee9a108 by task swapper/0/0 Call Trace: <IRQ> __mutex_lock backlight_device_set_brightness appletb_inactivity_timer call_timer_fn run_timer_softirq handle_softirqs Allocated by task N: devm_backlight_device_register appletb_bl_probe Freed by task M: (concurrent hid_appletb_bl unbind path) Close both windows at once by reworking the tear-down in appletb_kbd_remove() and in the probe close_hw error path so that 1) hid_hw_close()/hid_hw_stop() run before the backlight cleanup, guaranteeing no further .event callback can fire and re-arm the timer, and 2) inside the "if (kbd->backlight_dev)" block, timer_delete_sync() runs before put_device(), so the softirq is drained before the final reference is dropped.
Stripe payment processing can be permanently disabled on any WooCommerce store running the PeachPay plugin through version 1.120.46 by an unauthenticated attacker who successfully social-engineers a logged-in site administrator. The vulnerability stems from missing nonce validation on the peachpay_stripe_handle_admin_actions function, allowing a forged cross-site request to irreversibly wipe all Stripe credentials - publishable keys, secret keys, webhook secrets, and Apple Pay configuration - from the WordPress database. No public exploit code or CISA KEV listing has been identified at time of analysis, but the CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms the attack is network-exploitable at low complexity requiring only one user-interaction step.
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config permission inject arbitrary SQL through the custom-report column-config endpoint, which concatenates user-supplied 'sql', 'from', and 'where' fields directly into a query executed via Doctrine's fetchAssociative(). Because the controller returns raw database error messages in its JSON response, attackers can perform error-based extraction (e.g. EXTRACTVALUE) to read credentials and arbitrary tables, and can bypass the keyword denylist using inline /**/ comments to reach UPDATE/INSERT/DELETE - compromising confidentiality and integrity. Publicly available exploit code exists (a full PoC is published in the GitHub advisory); no CISA KEV listing or EPSS score is present in the provided data.
Improper access control in Apple macOS (all versions before Tahoe 26) allows a locally installed application running with standard user privileges to access sensitive user data beyond its authorized scope. The root cause - a faulty permissions enforcement code path - was remediated by removing the vulnerable code entirely in macOS Tahoe 26. No public exploit identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.
Improper access control in Apple macOS allows a locally-executed app to read sensitive user data by exploiting a logic flaw in system-level restrictions. Affected are all macOS versions prior to Tahoe 26, per the CPE data and EUVD-2025-209943. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires no user interaction once an app is running under low privileges, and the confidentiality impact is rated High. No public exploit code exists and this vulnerability is not confirmed actively exploited (CISA KEV).
Out-of-bounds read in Apple macOS (all versions prior to macOS Tahoe 26) allows a locally authenticated, low-privileged application to trigger unexpected system termination, constituting a local denial-of-service condition. The root cause is insufficient bounds checking in a macOS component, addressed by Apple in macOS Tahoe 26. No public exploit code exists and this vulnerability is not listed in CISA KEV, though a vendor-confirmed patch is available.
Improper authorization in Apple macOS allows a locally-installed malicious application to access sensitive user data without proper entitlement checks. Affected releases span three macOS generations: Sequoia (prior to 15.7), Sonoma (prior to 14.8), and the forthcoming Tahoe (prior to 26). The flaw stems from a logic issue in access validation, meaning apps lacking legitimate permissions can bypass gating controls to read protected data. No public exploit code or CISA KEV listing has been identified at time of analysis.
Incorrect permission assignment (CWE-732) in Apple macOS allows a locally-running app to modify protected parts of the file system without authorization. Affected are macOS Sonoma prior to 14.8, macOS Sequoia prior to 15.7, and macOS Tahoe prior to 26, covering three active macOS release trains simultaneously. The CVSS vector (AV:L/AC:L/PR:L/UI:N, I:H) confirms that a low-privileged local app can achieve high-integrity writes to restricted file system regions with no user interaction required; no public exploit has been identified at time of analysis.
Local privilege escalation in Apple macOS allows a malicious or compromised application to win a race condition (CWE-362) and elevate from a normal user context to root. The flaw affects macOS releases prior to Sequoia 15.7 and Tahoe 26, was reported by Apple itself, and is resolved by additional validation in the patched builds. No public exploit has been identified at time of analysis, and the CVSS 7.0 rating reflects high attack complexity tied to reliably hitting the timing window.
Local privilege escalation in Apple macOS allows a malicious app already running with low privileges to elevate to root by exploiting a logic flaw (improper privilege management) that was resolved with additional validation checks. The flaw affects macOS Sonoma before 14.8, macOS Sequoia before 15.7, and macOS Tahoe before 26, and was reported by Apple itself. There is no public exploit identified at time of analysis and no EPSS or KEV signal was provided, indicating no confirmed active exploitation.
Arbitrary code execution in Docker Desktop's Model Runner on macOS allows any container on the Docker network to escape to the host by serving a malicious model whose config.json points model_file at a Python file. The MLX inference backend uses MLX-LM's importlib-based loader with no trust_remote_code gate and no sandbox, so a pull-and-infer request to model-runner.docker.internal executes attacker code as the Docker Desktop user. No public exploit identified at time of analysis and KEV status is not indicated.
Arbitrary code execution in Docker Model Runner's vllm-metal inference backend on macOS allows any container on the Docker network to execute Python code on the host as the Docker Desktop user. The vllm-metal backend hardcodes trust_remote_code=True when loading tokenizers and runs unsandboxed, so any model pulled from an OCI registry can ship attacker-controlled Python that executes when inference is requested via the model-runner.docker.internal API. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Arbitrary command execution in IINA media player for macOS versions prior to 1.4.3 allows remote attackers to run shell commands as the logged-in user by tricking the victim into approving an iina://open URL containing malicious mpv_-prefixed parameters. Publicly available exploit code exists and a vendor patch has been released; exploitation requires a single browser protocol prompt approval (UI:A) but no authentication and no valid media file.
Path traversal in Mobile Verification Toolkit (MVT) pip/mvt versions through 2026.4.28 allows an adversary who delivers a crafted iOS backup to trigger arbitrary file writes or reads on the analyst's filesystem by embedding directory traversal sequences in fileID values within the backup's Manifest.db SQLite database. The decrypt-backup command can write attacker-controlled content to arbitrary writable paths - enabling shell profile modification or SSH key injection for code execution - while check-backup can read arbitrary host files into MVT's JSON and CSV forensic output. No public exploit has been identified at time of analysis; vendor-released patch v2026.5.12 is available.
Cross-origin read access to Algernon's SSE auto-refresh event server (versions ≤ 1.17.6) allows any web page visited by a developer to silently subscribe to the live file-change stream via a browser-native EventSource. The root cause is a hardcoded wildcard `Access-Control-Allow-Origin: *` response header in the dedicated SSE port activated by the `-a` flag, with no origin inspection or allow-list logic present in the vendored recwatch handler. No public exploit identified at time of analysis per KEV absence, though a complete working proof-of-concept - including exploit HTML and curl verification transcript - is published in GHSA-hw27-4v2q-5qff.
Algernon's auto-refresh SSE event server unintentionally exposes developer file-change streams to unauthenticated LAN peers on Linux and macOS due to a platform-dependent bind address default that was never intended to reach adjacent hosts. On non-Windows platforms, the SSE listener resolves to 0.0.0.0:5553 (all interfaces), while Windows correctly binds to 127.0.0.1:5553 - a silent asymmetry introduced in engine/flags.go that leaves developers on the most common Algernon platforms exposed whenever they work on shared networks. A publicly available proof-of-concept demonstrates that any host on the same subnet can enumerate project filenames and edit timing with a single unauthenticated curl command, with no developer interaction required; no public exploit identified at time of analysis rises to confirmed active exploitation (not in CISA KEV).
Trilium Notes Electron desktop application on macOS, versions 0.102.1 and prior, permits local attackers to spoof macOS Transparency, Consent, and Control (TCC) permission prompts by exploiting the enabled RunAsNode Electron fuse, which allows arbitrary Node.js code to execute under Trilium's trusted identity. An attacker with local code execution can spawn a subprocess inheriting Trilium's macOS identity and then request TCC-protected resources - camera, microphone, screen, ~/Documents, ~/Downloads - causing the system prompt to appear as if the legitimate Trilium Notes app is requesting access, not the attacker. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, the social-engineering angle makes it particularly dangerous for macOS users who extend implicit trust to Trilium. Version 0.102.2 resolves the issue by disabling the RunAsNode fuse.
Denial of service in dasel (Go data selector library) versions 3.0.0 through 3.10.0 allows attackers who control selector query strings to pin a CPU core at 100% indefinitely via a 2-byte payload (`r/`). The selector lexer's `matchRegexPattern` closure lacks an end-of-input bounds check, causing an infinite loop when tokenizing unterminated regex literals. No public exploit identified at time of analysis beyond the reporter's PoC, and the issue is not listed in CISA KEV.
Denial of service in dasel (Go data selector library) v3.0.0 through v3.10.0 allows attackers who influence selector query strings to crash the host process via a 2-byte input. A trailing backslash inside a quoted selector (e.g., `"\` or `'\`) triggers an index-out-of-range panic in the lexer's escape-sequence handler. Publicly available exploit code exists (PoC in the GHSA advisory), and no public exploit identified at time of analysis indicates in-the-wild abuse.
Path traversal in go-git allows crafted repository payloads to write files outside the intended checkout directory, including into the repository's .git directory and parent paths. The vulnerability stems from go-git failing to implement path validation checks that upstream Git adopted years ago, creating a drift-induced security gap across all supported platforms - with additional platform-specific attack vectors affecting Windows and macOS users distinctly. CVSS scores this at 5.4 medium with no public exploit identified at time of analysis and no CISA KEV listing, but the real-world risk is elevated in automated pipelines or developer tooling that processes untrusted repositories without human review.
Firefox for iOS Reader mode exposed an unauthenticated local HTTP server on the device, enabling a co-installed malicious application to request arbitrary URLs through that server and receive responses rendered with the authenticated user's session cookies. Affected versions are all Firefox for iOS releases prior to 151.0, confirmed by Mozilla Security Advisory MFSA2026-49. No public exploit code has been identified and CISA SSVC rates exploitation as none at time of analysis, but successful exploitation would allow silent exfiltration of authenticated web content from the victim's active browsing session.
Local privilege escalation in Mullvad VPN for macOS versions 2026.1 and earlier allows a user in the admin group to gain root code execution during installation or upgrade. The installer's preinstall script executes binaries from /Applications/Mullvad VPN.app without verifying the bundle's integrity, enabling an admin-group attacker to pre-stage a malicious app bundle that runs as root. No public exploit identified at time of analysis, and the flaw is only triggerable when an installer is run, not on already-installed systems.
Off-host request forgery in the Faraday Ruby HTTP client library (versions 2.0.0-2.14.1) allows a remote unauthenticated attacker who can influence the per-request target to redirect HTTP requests - along with connection-scoped `Authorization` headers - to an arbitrary attacker-controlled host. This is a bypass of the February 2026 patch for CVE-2026-25765 (GHSA-33mh-2634-fwr2): the prior fix sanitized `String` inputs to `Faraday::Connection#build_exclusive_url` but failed to handle `URI` objects, which Ruby's URI parser resolves differently. Publicly available exploit code (proof-of-concept) exists and was independently confirmed against an external HTTP collector, demonstrating real-world credential exfiltration.
Open WebUI versions up to 0.8.8 expose admin-configured system prompts to authenticated regular (non-admin) users through the /api/models API endpoint, allowing information disclosure of sensitive model instructions and internal configuration details. The vulnerability requires valid user authentication but no administrative privileges, enabling any authenticated user to retrieve confidential system prompts via a simple HTTP GET request. This is confirmed actively exploited in production deployments with a publicly available proof-of-concept.
Out-of-bounds memory read in Google Chrome on iOS versions before 148.0.7778.168 enables remote attackers to access sensitive memory contents through a compromised renderer process. The vulnerability requires user interaction to visit a malicious webpage and exploitation of a prior renderer compromise. With EPSS at 0.03% and no known active exploitation, this represents a moderate risk primarily in targeted attack chains.
Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CSS injection in mistune's Image directive plugin allows unauthenticated remote attackers to inject arbitrary CSS properties via the :width: or :height: options in fenced image directives, enabling full-page phishing overlays and UI redressing attacks. The vulnerability stems from a prefix-only regex validation (_num_re.match() with no end-of-string anchor) that accepts values like '100vw;position:fixed;background-color:#e11d48;...' and renders them unescaped into style= attributes. Confirmed fixed in v3.2.1; publicly available proof-of-concept demonstrates full-viewport colored overlay generation from a single malicious :width: directive.
Cross-site scripting (XSS) vulnerability in mistune's render_toc_ul() function allows attackers to inject arbitrary HTML and JavaScript into table-of-contents output by crafting malicious heading IDs. When heading identifiers are derived from user-supplied text (standard practice for readable slug anchors), an attacker can break out of the href attribute context with a payload like `x"><script>alert(document.cookie)</script><a href="`, causing the script block to execute in the rendered TOC. The vulnerability requires user interaction (UI:R) to view the poisoned TOC but affects all users of the generated page. Vendor-released patch available in mistune 3.2.1.
OS command injection in Fleet's software installer pipeline allows arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when a specially crafted software package is uninstalled. The vulnerability exists because package metadata fields are not sanitized before being incorporated into auto-generated uninstall scripts. An attacker with the ability to upload packages to Fleet can exploit this by embedding malicious commands in package metadata fields, resulting in code execution with elevated privileges when endpoints execute the uninstall operation. Patch version 4.81.1 available.
Remote unauthenticated attackers can crash Klever-Go blockchain validators by sending a single 48 KiB compressed gossip packet that decompresses to multi-gigabyte allocations, killing the process via out-of-memory condition. The vulnerability in Batch.Decompress performs unbounded gzip decompression before anti-flood checks execute, enabling a single malicious peer to OOM-kill validators and disrupt chain liveness. Proof-of-concept demonstrates 45,604× amplification (48 KiB wire → 2.1 GiB heap). No public exploit identified at time of analysis, but vendor confirms internal discovery and patch development in progress.
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be able to gain root privileges.
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service.
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
Buffer overflow in macOS allows remote unauthenticated attackers to cause system crashes and denial of service without user interaction. Affects macOS Sequoia versions prior to 15.7.7 and macOS Tahoe versions prior to 26.5. Apple has released patches addressing the vulnerability through improved bounds checking. Despite network-based attack vector and low complexity (CVSS 7.5), EPSS score of 0.05% (15th percentile) indicates minimal observed exploitation activity, and CISA SSVC framework confirms no active exploitation detected. Automatable attack path suggests potential for scanning-based campaigns if exploited.
Sandbox escape vulnerability in Apple operating systems allows malicious apps with low privileges to break out of application sandbox and execute code with elevated privileges on the host system. Affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms. EPSS score of 0.02% (7th percentile) indicates low probability of mass exploitation in the wild, though the CVSS 8.8 score reflects significant potential impact if successfully weaponized. No active exploitation confirmed at time of analysis.
Type confusion vulnerability in Apple's operating systems allows remote unauthenticated attackers to trigger denial of service across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches addressing the issue in iOS/iPadOS 18.7.9 and 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. The CVSS vector indicates network-accessible exploitation with low complexity and no privileges required, though EPSS score of 0.13% (32nd percentile) suggests relatively low likelihood of widespread exploitation. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Process memory corruption in Apple's image processing subsystem across iOS, iPadOS, macOS, tvOS, and visionOS allows remote attackers to extract confidential data from process memory via crafted images. The vulnerability affects all Apple operating systems prior to their respective May 2026 security updates. CVSS vector indicates network-based, unauthenticated exploitation requiring no user interaction beyond processing the image, though the CVSS score focuses on confidentiality impact (C:H) with no integrity or availability impact. EPSS score of 0.02% suggests low observed exploitation likelihood, with no CISA KEV listing or public POC identified at time of analysis. Apple has released patches across all affected platforms.
The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process.
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Memory corruption in Apple operating systems allows remote attackers to trigger unexpected app termination or corrupt process memory by delivering a maliciously crafted media file to users, requiring user interaction to open the file. Affects iOS/iPadOS 26.4 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. No public exploit identified at time of analysis; vendor-released patches are available across all affected platforms.
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen.
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
A use-after-free vulnerability in Apple's Wi-Fi stack allows attackers in a privileged network position to cause denial-of-service via crafted Wi-Fi packets. The vulnerability affects iOS and iPadOS versions prior to 26.5 and 18.7.9, macOS versions prior to 26.5, 15.7.7, and 14.8.7, and tvOS, watchOS versions prior to 26.5. Exploitation requires adjacent network access and specific radio conditions (AC:H) but results in high availability impact with no active public exploitation identified.
Remote attackers can crash Apple devices or corrupt kernel memory without authentication via a use-after-free vulnerability affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches across eight separate security bulletins (HT127110-127120) fixing this memory management flaw in all supported OS versions. EPSS score of 0.10% (28th percentile) suggests low exploitation probability despite the network-accessible attack vector and lack of authentication requirements. No active exploitation or public POC identified at time of analysis.
macOS Tahoe allows applications to access protected user data due to insufficient permission enforcement on system APIs. The vulnerability affects all macOS versions prior to 26.5 and is tagged as an authentication bypass, indicating apps can circumvent permission prompts or system restrictions to read sensitive data without user consent. While not yet actively exploited (EPSS 0.01%, no CISA KEV listing), the CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the local application context described, suggesting potential network-accessible component or misclassified attack vector requiring vendor clarification.
High confidentiality information disclosure across Apple's ecosystem (iOS, iPadOS, macOS, visionOS) allows remote unauthenticated attackers to extract sensitive data by delivering a maliciously crafted file. The vulnerability affects all current Apple operating systems and was fixed in March 2026 security updates (iOS/iPadOS 18.7.9/26.5, macOS 14.8.7/26.5, visionOS 26.5). Despite CVSS 7.5 HIGH rating and network attack vector requiring no privileges, EPSS exploitation probability is very low at 0.02% (5th percentile), suggesting minimal real-world risk. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.
Apps on iOS and iPadOS can bypass App Privacy Report logging due to insufficient entitlement checks, allowing malicious applications to conceal their privacy-invasive activities from users. Fixed in iOS/iPadOS 18.7.9 and 26.4. The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the actual attack requirements, as exploitation requires a malicious app already installed on the device, not remote network access. Despite the 7.5 CVSS score, EPSS exploitation probability is very low (0.02%, 5th percentile), no active exploitation is confirmed, and no public exploit code identified at time of analysis.
Physical access to a locked macOS Tahoe device prior to version 26.5 allows an attacker to view sensitive user information without authentication. The vulnerability has a low EPSS score (0.02%, 6th percentile) and CISA assesses it as non-exploitable in the wild (SSVC exploitation: none), indicating this is a low-probability real-world threat despite the confidentiality impact rating. The fix is available in macOS Tahoe 26.5.
Improper bounds checking in Apple operating systems allows processing of maliciously crafted files to cause unexpected application termination (denial of service) on iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability affects multiple major OS versions and requires local file processing without user interaction, but has extremely low real-world exploitation probability (EPSS 0.02%) despite moderate CVSS score.
Information leakage in Apple operating systems allows remote attackers to extract sensitive data by crafting and hosting malicious websites that users visit. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Exploitation requires user interaction (UI:R) to visit a malicious website but does not require authentication, with an EPSS score of 0.03 percent indicating low real-world exploitation probability despite the information disclosure impact.
Local authenticated apps bypass user consent mechanisms to access sensitive user data across iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. The vulnerability allows malicious or compromised applications running with standard user privileges to exfiltrate protected information without triggering the expected permission prompts. Apple has patched this by implementing an additional consent verification layer, though the low EPSS score (0.02%) suggests real-world exploitation remains limited.
Null pointer dereference in Apple operating systems (iOS, iPadOS, macOS Tahoe, tvOS) allows local network attackers to cause denial of service by sending crafted input that bypasses validation. The vulnerability affects all versions prior to iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5. No code execution or data compromise is possible; impact is limited to availability disruption on affected devices.
A race condition in Apple operating systems allows authenticated local attackers to access sensitive user data with high complexity exploitation. The vulnerability affects iOS 18.7.9 and earlier, iPadOS 18.7.9 and earlier, iOS 26.5 and earlier, iPadOS 26.5 and earlier, macOS Sequoia 15.7.7 and earlier, macOS Sonoma 14.8.7 and earlier, macOS Tahoe 26.5 and earlier, and visionOS 26.5 and earlier. Vendor-released patches are available, and exploitation requires local access with user-level privileges and high technical complexity. The EPSS score of 0.02% and absence from active exploitation databases indicate low real-world exploitation risk despite the high confidentiality impact.
Buffer overflow in Apple operating systems allows local unauthenticated users to cause unexpected system termination or read kernel memory without requiring user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions, with exploitation limited to local access. Vendor-released patches are available for all affected platforms, and EPSS scoring of 0.03% indicates exploitation remains unlikely despite the local attack vector.
Denial of service in Apple macOS prior to version 26.5 allows remote attackers to crash Safari via maliciously crafted web content that triggers a use-after-free memory condition. The vulnerability requires user interaction (opening a malicious webpage) but no authentication, affecting all macOS versions before 26.5. EPSS exploitation probability is very low at 0.02%, suggesting limited real-world attack incentive despite the crash capability.
Out-of-bounds read in Apple operating systems allows malicious applications to crash the system or leak kernel memory across iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5. The vulnerability requires local application execution but no user interaction, enabling information disclosure and denial-of-service attacks. Despite high CVSS 7.3 scoring, the EPSS probability is very low (0.02%, 5th percentile), indicating minimal observed exploitation activity. Vendor-released patches are available for all affected platforms.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.
Kernel memory disclosure vulnerability affects all major Apple operating systems through improper memory handling. Malicious apps can read sensitive kernel memory contents remotely without authentication (CVSS 7.5, AV:N). Apple has released patches across iOS/iPadOS (versions 18.7.9 and 26.5), macOS (Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5), tvOS 26.5, visionOS 26.5, and watchOS 26.5. Despite the network attack vector, EPSS score remains very low at 0.02% (7th percentile), suggesting limited real-world exploitation probability. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Insufficient permission enforcement in macOS Tahoe prior to 26.5 allows applications to bypass access controls and read protected user data without proper authorization. Apple addressed the vulnerability through hardened permission checks in version 26.5. EPSS probability indicates minimal observed exploitation activity (0.01%, 3rd percentile), and no public exploit code or CISA KEV listing exists at time of analysis, suggesting exploitation requires application-specific development effort rather than readily available tooling.
Denial-of-service vulnerability in iOS and iPadOS allows network-positioned attackers with high privileges to crash or degrade service availability through insufficient input validation. Apple addressed this with patches in iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, and iPadOS 26.4. EPSS score of 0.02% (5th percentile) indicates very low real-world exploitation probability despite CVSS score of 4.9.
Privacy bypass in Apple operating systems allows local authenticated apps to circumvent user-configured privacy restrictions through permission mishandling. The vulnerability affects iOS, iPadOS, macOS Tahoe, visionOS, and watchOS versions prior to 26.5. An attacker with local app execution privileges can access sensitive data classified as restricted by user privacy settings, though without authentication bypass or integrity compromise. Fixed in coordinated OS updates across Apple's ecosystem.
The issue was addressed with improved UI handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings.
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
Privilege escalation in Apple operating systems allows local authenticated applications to gain root privileges through an authorization flaw in state management. Affects multiple macOS versions (Sonoma, Sequoia, Tahoe) and iOS/iPadOS versions prior to patched releases. Apple has issued coordinated security updates across all affected platforms (iOS 18.7.9/26.5, iPadOS 18.7.9/26.5, macOS Sonoma 14.8.7, Sequoia 15.7.7, Tahoe 26.5). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation despite high CVSS 7.8, with no public exploit identified at time of analysis and no CISA KEV listing. The local attack vector requiring authenticated privileges substantially reduces immediate risk compared to network-based vulnerabilities.
IP address tracking across iOS, iPadOS, macOS, and visionOS allows remote attackers to correlate user activity without authentication due to improper state management (CWE-359: Exposure of Private Personal Information). The vulnerability affects default configurations across six Apple OS versions with network-accessible attack vector and low complexity. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity. Apple released coordinated patches across all affected platforms in March 2026 security updates.
Improper permissions checking in macOS before version 26.4 allows a malicious app with local user privileges to access arbitrary files without user interaction, potentially exposing sensitive data. The vulnerability has a low EPSS score (0.01%) and no confirmed active exploitation, making it a low-priority but real local privilege escalation risk for systems where untrusted applications may execute.
Use-after-free in WebKit allows remote attackers to trigger Safari crashes and potentially achieve arbitrary code execution across Apple's entire ecosystem (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) via maliciously crafted web content. Users must visit or be tricked into visiting a malicious webpage (UI:R). Despite CVSS 8.8 (High) with theoretical code execution impact (C:H/I:H/A:H), EPSS probability is extremely low (0.02%, 5th percentile), indicating minimal observed exploitation activity. No public exploit identified at time of analysis, and vendor patches are available across all platforms as of version 26.5.
Memory corruption in Safari's WebKit engine across all Apple platforms allows remote attackers to trigger information disclosure via maliciously crafted web content delivered through network-accessible attack vectors requiring no authentication or user interaction. Despite the vendor description focusing on crash scenarios, the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates high confidentiality impact with no availability impact, suggesting potential memory disclosure rather than denial of service. Patched in iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation despite network-accessible attack vector.
Memory corruption in Apple operating systems due to a race condition in locking mechanisms allows local authenticated attackers to cause unexpected app termination or potential denial of service. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Vendor-released patches are available across all affected platforms, with no public exploit identified at time of analysis.
Integer overflow in Apple operating systems allows remote unauthenticated attackers to crash devices via maliciously crafted input, causing denial of service through system termination. Affects iOS/iPadOS versions prior to 18.7.9, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, and macOS Tahoe prior to 26.5. Apple has released patches for all affected platforms. Despite the network attack vector and lack of authentication requirements (CVSS AV:N/PR:N), EPSS exploitation probability is very low at 0.02% (5th percentile), and no public exploits or active exploitation have been identified. Not listed in CISA KEV, suggesting limited real-world targeting.
Memory corruption in WebKit across Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS) allows remote attackers to access sensitive information via malicious web content. CVSS vector indicates network-based exploitation requiring no user interaction or authentication (AV:N/AC:L/PR:N/UI:N), contradicting the description's 'process crash' outcome with the High Confidentiality impact rating. EPSS score of 0.02% (5th percentile) suggests low real-world exploitation probability. Vendor patches available for all affected platforms (version 26.5). SSVC framework rates this as automatable with partial technical impact but no observed exploitation.
Local privilege escalation in macOS allows authenticated users with low-level access to gain root privileges through a permissions enforcement flaw. Affects macOS Tahoe (pre-26.4), Sequoia (pre-15.7.7), and Sonoma (pre-14.8.7). Apple has released patches for all affected versions. Despite CVSS 7.8, EPSS score of 0.01% indicates minimal observed exploitation activity. No public exploit code identified at time of analysis, though the local attack vector and low complexity suggest post-compromise utility rather than initial access vector.
Buffer overflow in Apple's image processing framework across iOS, iPadOS, macOS, tvOS, and watchOS allows remote attackers to cause denial of service through process memory corruption. Despite the CVSS 7.5 (High) rating and network attack vector, the vulnerability is rated low priority with only 2% EPSS exploitation probability (5th percentile), indicating minimal real-world threat activity. Apple has released patches in version 26.5 across all affected platforms. No active exploitation or public proof-of-concept has been identified at time of analysis.
WebKit memory corruption vulnerability allows remote attackers to trigger denial-of-service process crashes across Apple's entire operating system ecosystem (iOS, iPadOS, macOS, tvOS, watchOS) when processing maliciously crafted web content. Despite a CVSS score of 7.5 suggesting high confidentiality impact, the vendor description indicates only process crash (availability impact), representing a scoring discrepancy that requires clarification. No active exploitation confirmed (not in CISA KEV), EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and vendor patches released across all affected platforms in version 26.5.
Remote denial of service in Apple WebKit (iOS/iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5) allows unauthenticated network attackers to crash browser processes via maliciously crafted web content exploiting a memory handling flaw. CVSS 7.5 (High) reflects network-based attack with no authentication required, though impact is limited to availability (process crash). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. SSVC assessment confirms no active exploitation, but marks it as automatable, suggesting potential for future weaponization in drive-by attacks. Apple has released patches across all affected platforms.
Improper log data redaction across Apple's operating systems exposes sensitive kernel state to locally-installed applications. Vulnerable versions include iOS/iPadOS prior to 18.7.9 and 26.5, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, macOS Tahoe prior to 26.5, tvOS prior to 26.5, and watchOS prior to 26.5. Apple has released patches for all affected platforms addressing the CWE-532 (insertion of sensitive information into log file) weakness. The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the description of an app-based exploit, suggesting Apple's logging subsystem may be remotely queryable or the vector requires clarification. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity despite the high CVSS rating.
Out-of-bounds read in Apple operating systems allows remote unauthenticated denial-of-service via malicious application. Apple has patched this vulnerability across all affected platforms (iOS/iPadOS, macOS, tvOS, visionOS, watchOS) in version 26.5 releases. Despite CVSS 7.5 HIGH rating, exploitation probability remains low (EPSS 2%, 5th percentile) with no public exploit code identified and no CISA KEV listing. The vulnerability is impact-limited to availability (denial-of-service) with no confidentiality or integrity compromise, though tags indicate potential information disclosure concerns that warrant verification against vendor advisories.
Apple Mail on iOS, iPadOS, and macOS bypasses Lockdown Mode protections when replying to emails, allowing remote image loading that should be blocked. This information disclosure affects all supported Apple OS versions (iOS/iPadOS 18.x, macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x) prior to security updates released in early 2026. The vulnerability undermines a critical privacy protection for high-risk users, enabling email tracking and potential IP address disclosure despite Lockdown Mode activation. EPSS score of 0.02% suggests minimal automated exploitation likelihood, no public exploit or CISA KEV listing identified, though the attack complexity is rated low (CVSS AC:L).
Use-after-free in WebKit across Apple's entire operating system ecosystem enables remote information disclosure via malicious web content. Affects iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions prior to 26.5. The vulnerability allows network-based unauthenticated attackers to access high-value confidential information through crafted web pages, though the CVE description anomalously mentions process crash (availability impact) while the CVSS vector indicates confidentiality impact only. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) suggests low likelihood of imminent widespread exploitation despite the broad platform impact and network attack vector.
Malicious applications on iOS 26.5, iPadOS 26.5, and visionOS 26.5 can access sensitive user data due to inconsistent user interface state management. The vulnerability stems from UI state handling flaws (CWE-451) that allow apps to bypass expected data access controls. Apple has released patches in iOS/iPadOS 26.5 and visionOS 26.5. Despite a CVSS score of 7.5 (High), the EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability in the wild. No public exploit code or CISA KEV listing identified at time of analysis, suggesting this is primarily a platform-hardening fix rather than an actively targeted vulnerability.
Out-of-bounds write in Apple operating systems allows network-based unauthenticated attackers to corrupt kernel memory or cause denial of service without user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms, though the extremely low EPSS score (0.02%) suggests real-world exploitation risk is minimal despite the network attack vector.
Local attackers can modify Apple Keychain state across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS due to improper input validation (CWE-20). This affects all Apple operating systems prior to their respective April 2026 security updates. Despite a CVSS score of 7.5, exploitation requires local access with specific privileges (description states 'local attacker'), contradicting the CVSS vector's AV:N/PR:N rating. EPSS score of 0.02% (7th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis and not listed in CISA KEV. Vendor-released patches available across all platforms as of April 2026.
Buffer overflow in macOS kernel allows local applications to terminate the system or write to kernel memory, affecting macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x. Apple has released security updates patching this vulnerability. Despite the CVSS vector indicating network-based attack (AV:N), the description specifies 'an app may be able to' which confirms local application context, indicating a vector/description inconsistency. EPSS score of 0.02% (4th percentile) suggests low probability of mass exploitation, and no active exploitation or public POC identified at time of analysis.
Malicious applications on macOS Sequoia, Sonoma, and Tahoe can bypass user consent prompts to access the Contacts database through a race condition in symbolic link handling. Apple has patched this privacy control bypass in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5. Despite a network-based CVSS vector scoring 7.5 (High), the actual attack requires local application execution, indicating likely miscategorization in the metric. EPSS exploitation probability is very low (0.02%, 4th percentile) with no active exploitation or public POC identified at time of analysis.
Lock screen bypass in iOS and iPadOS versions prior to 26.5 allows unauthorized access to restricted content without authentication. Apple's security advisory HT227110 confirms the privacy issue affected lock screen content filtering mechanisms. Despite CVSS 7.5 scoring suggesting network exploitation, the vulnerability requires physical access to a locked device, creating a significant disparity between theoretical severity and practical attack surface. EPSS probability of 0.02% (5th percentile) indicates minimal observed exploitation attempts, and no CISA KEV listing or public exploit code exists at time of analysis.