Skip to main content

Apple

8072 CVEs vendor

Monthly

CVE-2024-44223 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-44211 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-44195 HIGH This Week

A logic issue was addressed with improved validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal macOS
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-54538 HIGH This Week

A denial-of-service issue was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-12786 HIGH This Week

A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Adobe Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-43106 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Excel
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-42220 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Outlook
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-42004 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Teams
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-41165 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Word
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-41159 HIGH POC This Week

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Onenote
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2024-41145 CRITICAL POC Act Now

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Teams
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-41138 CRITICAL POC Act Now

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Teams
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-39804 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Powerpoint
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-12420 MEDIUM This Month

The The WPMobile.App - Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress Code Injection RCE Apple
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-12042 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress Apple XSS File Upload +1
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-54534 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-54531 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54529 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-54528 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-54527 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54526 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-54524 MEDIUM This Month

A logic issue was addressed with improved file handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Memory Corruption macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54515 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-54514 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2024-54513 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54510 MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-54508 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-54506 CRITICAL Act Now

An out-of-bounds access issue was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple RCE macOS
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-54505 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-54504 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54503 MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
4.2
EPSS
0.4%
CVE-2024-54502 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Ipados +5
NVD VulDB
CVSS 3.1
6.5
EPSS
5.7%
CVE-2024-54501 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54500 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54498 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
8.8
EPSS
6.1%
CVE-2024-54495 MEDIUM This Month

The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-54494 MEDIUM This Month

A race condition was addressed with additional validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-54493 LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-54492 MEDIUM This Month

This issue was addressed by using HTTPS when sending information over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-54491 LOW Monitor

The issue was resolved by sanitizing logging. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-54490 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54489 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal RCE Apple macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-54486 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54485 LOW Monitor

The issue was addressed by adding additional logic. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-54484 MEDIUM This Month

The issue was resolved by sanitizing logging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54479 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-54477 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54476 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54474 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54471 MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54466 MEDIUM This Month

An authorization issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-54465 CRITICAL Act Now

A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-44300 MEDIUM This Month

A logic issue was addressed with improved file handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-44299 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44291 HIGH This Week

A logic issue was addressed with improved file handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44290 LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Watchos
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-44248 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-44246 MEDIUM This Month

The issue was addressed with improved routing of Safari-originated requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Ipados +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-44245 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-44243 MEDIUM This Month

A configuration issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44242 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44241 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Apple Ipados Iphone Os
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44225 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44224 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44220 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple File Upload macOS
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-44212 MEDIUM This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-44201 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-44200 LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-54014 LOW Monitor

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application. Rated low severity (CVSS 3.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google
NVD
CVSS 3.0
3.6
EPSS
0.2%
CVE-2024-45205 HIGH This Week

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Ubiquiti
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2024-9044 MEDIUM This Month

A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple XXE Microsoft
NVD
CVSS 4.0
4.6
EPSS
0.2%
CVE-2024-53976 MEDIUM This Month

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-53975 MEDIUM This Month

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11698 CRITICAL Act Now

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-53268 HIGH POC This Week

Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Code Injection RCE Apple +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-11179 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Google Apple Mstore Api
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-44309 MEDIUM KEV THREAT This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Apple Intel XSS
NVD VulDB
CVSS 3.1
6.3
EPSS
1.2%
CVE-2024-44308 HIGH KEV THREAT Act Now

Arbitrary code execution in Apple Safari, iOS/iPadOS, macOS Sequoia, and visionOS occurs when processing maliciously crafted web content, with Apple confirming active exploitation on Intel-based Mac systems. The flaw is confirmed actively exploited (CISA KEV) and carries a CVSS 8.8 score requiring only user interaction (visiting a malicious page) to achieve remote code execution. EPSS at 1.55% (81st percentile) is moderate but the KEV listing signals real-world targeted abuse against Apple's WebKit-based browsing stack.

RCE Apple Intel
NVD VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-44307 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44306 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20373 MEDIUM This Month

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco Ios Xe Sd Wan
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-11115 HIGH This Week

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple XSS Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-40592 MEDIUM This Month

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a. Rated medium severity (CVSS 6.7). No vendor patch available.

Apple Jwt Attack Information Disclosure Fortinet Forticlient
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-50106 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Apple +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-44234 MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44233 MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44232 MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-51481 LOW Monitor

Nix is a package manager for Linux and other Unix systems. Rated low severity (CVSS 1.0). No vendor patch available.

Apple Information Disclosure
NVD GitHub
CVSS 4.0
1.0
EPSS
0.2%
CVE-2024-10474 MEDIUM This Month

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Firefox Focus
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-50069 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apple Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 4.6
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A logic issue was addressed with improved validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal macOS
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A denial-of-service issue was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados +5
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Adobe Information Disclosure
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The The WPMobile.App - Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress Code Injection +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress Apple +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved file handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 8.6
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +5
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure +5
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Buffer Overflow
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An out-of-bounds access issue was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD
EPSS 6% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +7
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +5
NVD VulDB
EPSS 6% CVSS 8.8
HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A race condition was addressed with additional validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure +6
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

This issue was addressed by using HTTPS when sending information over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Ipados +3
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

The issue was resolved by sanitizing logging. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal RCE Apple +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +5
NVD VulDB
EPSS 0% CVSS 2.4
LOW Monitor

The issue was addressed by adding additional logic. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was resolved by sanitizing logging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Safari +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

An authorization issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved file handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved file handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

The issue was addressed with improved routing of Safari-originated requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A configuration issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption +3
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Apple +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple File Upload macOS
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD VulDB
EPSS 0% CVSS 3.6
LOW Monitor

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application. Rated low severity (CVSS 3.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Ubiquiti
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple XXE Microsoft
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Code Injection +3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Google +2
NVD
EPSS 1% CVSS 6.3
MEDIUM KEV THREAT This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Apple Intel XSS
NVD VulDB
EPSS 2% CVSS 8.8
HIGH KEV THREAT Act Now

Arbitrary code execution in Apple Safari, iOS/iPadOS, macOS Sequoia, and visionOS occurs when processing maliciously crafted web content, with Apple confirming active exploitation on Intel-based Mac systems. The flaw is confirmed actively exploited (CISA KEV) and carries a CVSS 8.8 score requiring only user interaction (visiting a malicious page) to achieve remote code execution. EPSS at 1.55% (81st percentile) is moderate but the KEV listing signals real-world targeted abuse against Apple's WebKit-based browsing stack.

RCE Apple Intel
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple XSS +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a. Rated medium severity (CVSS 6.7). No vendor patch available.

Apple Jwt Attack Information Disclosure +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados +5
NVD VulDB
EPSS 0% CVSS 1.0
LOW Monitor

Nix is a package manager for Linux and other Unix systems. Rated low severity (CVSS 1.0). No vendor patch available.

Apple Information Disclosure
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Firefox Focus
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apple Denial Of Service +2
NVD
Prev Page 19 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy