Skip to main content

Apple

8071 CVEs vendor

Monthly

CVE-2025-43430 MEDIUM PATCH This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-43429 MEDIUM PATCH This Month

A buffer overflow was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43427 MEDIUM PATCH This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43426 MEDIUM This Month

A logging issue was addressed with improved data redaction. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43425 MEDIUM PATCH This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43424 MEDIUM This Month

Buffer overflow vulnerability (CWE-119) in Apple's HID (Human Interface Device) subsystem affecting macOS Tahoe, iOS, and iPadOS that allows a malicious or compromised HID device to trigger an unexpected process crash, resulting in denial of service. The vulnerability requires adjacent network access and no user interaction, but does not compromise confidentiality or integrity. Apple has patched this issue in version 26.1 across affected platforms.

Buffer Overflow Apple
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-43423 LOW Monitor

A logging issue was addressed with improved data redaction. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
2.0
EPSS
0.0%
CVE-2025-43422 MEDIUM Monitor

The issue was addressed by adding additional logic. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43421 MEDIUM PATCH This Month

Multiple issues were addressed by disabling array allocation sinking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43420 MEDIUM This Month

A race condition was addressed with improved state handling. Rated medium severity (CVSS 4.7). No vendor patch available.

Apple Race Condition Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-43419 HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43414 MEDIUM This Month

A permissions issue was addressed with improved validation. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43413 HIGH This Week

An access issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43412 MEDIUM This Month

A file quarantine bypass was addressed with additional checks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-43411 MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43409 MEDIUM This Month

A permissions issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43408 LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-43407 HIGH This Week

This issue was addressed with improved entitlements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43405 HIGH This Week

A permissions issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43401 HIGH This Week

A denial-of-service issue was addressed with improved validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-43399 HIGH This Month

This issue was addressed with improved redaction of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43398 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43397 MEDIUM This Month

A permissions issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43396 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43395 LOW Monitor

This issue was addressed with improved handling of symlinks. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43394 MEDIUM This Month

This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43392 MEDIUM PATCH This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Apple Information Disclosure Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43391 MEDIUM This Month

A privacy issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43390 MEDIUM This Month

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Intel Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43389 MEDIUM This Month

A privacy issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43387 HIGH This Month

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43386 HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43385 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43384 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43383 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43382 MEDIUM This Month

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43380 MEDIUM This Month

An out-of-bounds write issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43379 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43378 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43377 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure macOS iOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43376 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-43373 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43365 LOW Monitor

A denial-of-service issue was addressed with improved input validation. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-43364 HIGH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Race Condition Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43361 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43360 MEDIUM This Month

The issue was addressed with improved UI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43350 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os iOS
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-43348 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43345 MEDIUM This Month

A correctness issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43338 HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-43336 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-43335 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43334 MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43323 HIGH This Week

This issue was addressed with additional entitlement checks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-43322 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43309 LOW Monitor

A logic issue was addressed with improved checks. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-43288 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-12105 HIGH PATCH This Week

Remote denial-of-service in libsoup affects GNOME and WebKit-based applications that rely on the library for HTTP/2 client communication. A race in the asynchronous message-queue handling lets a queue item be freed twice when network operations are aborted at precise timing, producing a use-after-free that crashes the consuming application. Red Hat reported the issue and has shipped errata fixes; there is no public exploit identified at time of analysis and the flaw is confined to availability impact (no code execution or data exposure indicated).

Memory Corruption Apple Denial Of Service Use After Free
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-43313 MEDIUM This Month

Local applications on macOS can bypass access controls to read sensitive user data through a logic flaw in permission enforcement, fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. The vulnerability requires user interaction to trigger (such as launching a malicious app) and affects all three recent macOS versions. With an EPSS score of 0.01% and no confirmed active exploitation, this represents a low real-world exploitation probability despite moderate CVSS severity.

Apple macOS Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43282 MEDIUM This Month

Double free memory management vulnerability in Apple operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows local apps to trigger unexpected system termination through memory corruption. Affecting iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, macOS Ventura 13.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation confirmed; EPSS score of 0.01% indicates minimal real-world exploitation probability despite moderate CVSS rating.

Apple iOS macOS Memory Corruption Denial Of Service +5
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43280 MEDIUM This Month

Mail in Lockdown Mode on iOS and iPadOS allows information disclosure through remote image loading when forwarding emails, bypassing Lockdown Mode's protections designed to prevent such tracking. Apple released patches in iOS 18.6 and iPadOS 18.6 that prevent remote image loading in this scenario. The vulnerability requires user interaction (forwarding an email) and affects unauthenticated remote attackers, with an EPSS score of 0.03% indicating low real-world exploitation probability despite the network attack vector.

Apple iOS Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-7779 HIGH This Week

Local privilege escalation due to insecure XPC service configuration. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-10859 MEDIUM This Month

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43400 MEDIUM This Month

An out-of-bounds write issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-11130 HIGH This Week

Local privilege escalation in iHongRen pptp-vpn 1.0/1.0.1 for macOS allows unauthenticated local users to execute arbitrary code with elevated privileges by exploiting missing authentication in the XPC service helper tool. Public exploit code exists on GitHub demonstrating the authentication bypass in shouldAcceptNewConnection function. Despite CVSS 7.3 severity, EPSS exploitation probability remains low (0.03%, 8th percentile), suggesting limited real-world targeting, though the availability of working POC code increases risk for local attackers with physical or remote desktop access.

Authentication Bypass Apple
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-20363 CRITICAL CERT-EU This Week

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Apple RCE Heap Overflow Cisco +4
NVD
CVSS 3.1
9.0
EPSS
5.7%
CVE-2025-20352 HIGH KEV THREAT CERT-EU Act Now

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Stack Overflow Buffer Overflow Apple RCE Denial Of Service +3
NVD
CVSS 3.1
7.7
EPSS
2.0%
CVE-2025-20338 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20327 HIGH This Month

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-20316 MEDIUM This Month

A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20315 HIGH This Month

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20314 MEDIUM This Month

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-20313 MEDIUM This Month

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Path Traversal
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-20312 HIGH This Month

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-20311 HIGH This Month

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-20293 MEDIUM This Month

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20240 MEDIUM This Month

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-20160 HIGH This Month

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cisco Apple Information Disclosure
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-20149 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Apple
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20334 HIGH This Month

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Apple
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10906 HIGH POC This Week

Missing authentication in Magnetism Studios Endurance macOS app (versions up to 3.3.0) allows local unprivileged attackers to execute code with elevated privileges via the com.MagnetismStudios.endurance.helper NSXPC service. The loadModuleNamed:WithReply function in the LaunchServices helper lacks proper authentication checks, enabling local privilege escalation. Publicly available exploit code exists (GitHub POC published), but EPSS probability remains low at 0.03% (7th percentile), indicating limited real-world exploitation to date. Not listed in CISA KEV, suggesting targeted proof-of-concept activity rather than widespread attacks.

Authentication Bypass Apple
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-34192 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Apple Information Disclosure Virtual Appliance Application Virtual Appliance Host +1
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-34191 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation Virtual Appliance Application Virtual Appliance Host macOS
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34190 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (macOS/Linux client deployments) are vulnerable to an authentication. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Virtual Appliance Application Virtual Appliance Host macOS
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34189 MEDIUM POC This Month

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Virtual Appliance Application Virtual Appliance Host macOS
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-34188 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Virtual Appliance Application Virtual Appliance Host macOS
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2023-53322 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport System crash due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Memory Corruption Apple Use After Free Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10290 MEDIUM PATCH This Month

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-43372 HIGH This Week

The issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43369 MEDIUM This Month

This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A buffer overflow was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Red Hat +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logging issue was addressed with improved data redaction. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Red Hat +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Buffer overflow vulnerability (CWE-119) in Apple's HID (Human Interface Device) subsystem affecting macOS Tahoe, iOS, and iPadOS that allows a malicious or compromised HID device to trigger an unexpected process crash, resulting in denial of service. The vulnerability requires adjacent network access and no user interaction, but does not compromise confidentiality or integrity. Apple has patched this issue in version 26.1 across affected platforms.

Buffer Overflow Apple
NVD VulDB
EPSS 0% CVSS 2.0
LOW Monitor

A logging issue was addressed with improved data redaction. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

The issue was addressed by adding additional logic. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple issues were addressed by disabling array allocation sinking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition was addressed with improved state handling. Rated medium severity (CVSS 4.7). No vendor patch available.

Apple Race Condition Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Red Hat +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

A permissions issue was addressed with improved validation. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An access issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A file quarantine bypass was addressed with additional checks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.8
HIGH This Week

This issue was addressed with improved entitlements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

A permissions issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A denial-of-service issue was addressed with improved validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH This Month

This issue was addressed with improved redaction of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 3.3
LOW Monitor

This issue was addressed with improved handling of symlinks. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Apple Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Intel Apple +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH This Month

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds write issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 2.8
LOW Monitor

A denial-of-service issue was addressed with improved input validation. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Race Condition Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved UI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 2.4
LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A correctness issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple XSS
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
EPSS 0% CVSS 8.1
HIGH This Week

This issue was addressed with additional entitlement checks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
EPSS 0% CVSS 2.4
LOW Monitor

A logic issue was addressed with improved checks. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial-of-service in libsoup affects GNOME and WebKit-based applications that rely on the library for HTTP/2 client communication. A race in the asynchronous message-queue handling lets a queue item be freed twice when network operations are aborted at precise timing, producing a use-after-free that crashes the consuming application. Red Hat reported the issue and has shipped errata fixes; there is no public exploit identified at time of analysis and the flaw is confined to availability impact (no code execution or data exposure indicated).

Memory Corruption Apple Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Local applications on macOS can bypass access controls to read sensitive user data through a logic flaw in permission enforcement, fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. The vulnerability requires user interaction to trigger (such as launching a malicious app) and affects all three recent macOS versions. With an EPSS score of 0.01% and no confirmed active exploitation, this represents a low real-world exploitation probability despite moderate CVSS severity.

Apple macOS Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Double free memory management vulnerability in Apple operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows local apps to trigger unexpected system termination through memory corruption. Affecting iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, macOS Ventura 13.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation confirmed; EPSS score of 0.01% indicates minimal real-world exploitation probability despite moderate CVSS rating.

Apple iOS macOS +7
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Mail in Lockdown Mode on iOS and iPadOS allows information disclosure through remote image loading when forwarding emails, bypassing Lockdown Mode's protections designed to prevent such tracking. Apple released patches in iOS 18.6 and iPadOS 18.6 that prevent remote image loading in this scenario. The vulnerability requires user interaction (forwarding an email) and affects unauthenticated remote attackers, with an EPSS score of 0.03% indicating low real-world exploitation probability despite the network attack vector.

Apple iOS Information Disclosure +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Local privilege escalation due to insecure XPC service configuration. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

An out-of-bounds write issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Local privilege escalation in iHongRen pptp-vpn 1.0/1.0.1 for macOS allows unauthenticated local users to execute arbitrary code with elevated privileges by exploiting missing authentication in the XPC service helper tool. Public exploit code exists on GitHub demonstrating the authentication bypass in shouldAcceptNewConnection function. Despite CVSS 7.3 severity, EPSS exploitation probability remains low (0.03%, 8th percentile), suggesting limited real-world targeting, though the availability of working POC code increases risk for local attackers with physical or remote desktop access.

Authentication Bypass Apple
NVD GitHub VulDB
EPSS 6% CVSS 9.0
CRITICAL This Week

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Apple RCE +6
NVD
EPSS 2% CVSS 7.7
HIGH KEV THREAT Act Now

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Stack Overflow Buffer Overflow Apple +5
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure +1
NVD
EPSS 0% CVSS 7.7
HIGH This Month

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple
NVD
EPSS 0% CVSS 8.6
HIGH This Month

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Path Traversal
NVD
EPSS 0% CVSS 7.7
HIGH This Month

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco
NVD
EPSS 0% CVSS 7.4
HIGH This Month

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple XSS
NVD
EPSS 0% CVSS 8.1
HIGH This Month

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cisco Apple +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Apple
NVD
EPSS 0% CVSS 7.3
HIGH POC This Week

Missing authentication in Magnetism Studios Endurance macOS app (versions up to 3.3.0) allows local unprivileged attackers to execute code with elevated privileges via the com.MagnetismStudios.endurance.helper NSXPC service. The loadModuleNamed:WithReply function in the LaunchServices helper lacks proper authentication checks, enabling local privilege escalation. Publicly available exploit code exists (GitHub POC published), but EPSS probability remains low at 0.03% (7th percentile), indicating limited real-world exploitation to date. Not listed in CISA KEV, suggesting targeted proof-of-concept activity rather than widespread attacks.

Authentication Bypass Apple
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Apple Information Disclosure +3
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation Virtual Appliance Application +2
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (macOS/Linux client deployments) are vulnerable to an authentication. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Virtual Appliance Application +2
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Virtual Appliance Application +2
NVD
EPSS 0% CVSS 8.4
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Virtual Appliance Application +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport System crash due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Memory Corruption Apple +6
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
Prev Page 10 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy