Skip to main content

Apple

8072 CVEs vendor

Monthly

CVE-2024-40842 MEDIUM This Month

An issue was addressed with improved validation of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-40841 MEDIUM This Month

An out-of-bounds write issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40840 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-40838 LOW Monitor

A privacy issue was addressed by moving sensitive data to a protected location. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-40837 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-40831 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-40830 LOW Monitor

This issue was addressed with improved data protection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-40826 MEDIUM This Month

A privacy issue was addressed with improved handling of files. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-40825 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS Visionos
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-40801 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40797 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-40791 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-40770 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27880 MEDIUM This Month

An out-of-bounds read issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27879 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-27876 MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Apple Information Disclosure Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27875 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27874 HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27869 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-27861 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27860 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27858 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27795 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23237 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-8269 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apple WordPress Google Mstore Api
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-8242 HIGH PATCH This Week

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress PHP RCE Apple +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-20489 MEDIUM This Month

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xr
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20483 HIGH This Week

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Command Injection Docker Ios Xr
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-20406 HIGH This Week

A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-20398 HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Command Injection Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20390 MEDIUM This Month

A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-20343 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco Ios Xr
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20317 HIGH This Week

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-20304 HIGH This Week

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-43482 MEDIUM PATCH This Month

Microsoft Outlook for iOS Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Apple Information Disclosure Microsoft Outlook
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-35282 MEDIUM This Month

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-8258 LOW POC Monitor

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Apple Logi Options
NVD GitHub
CVSS 4.0
2.0
EPSS
0.4%
CVE-2024-45203 MEDIUM This Month

Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Cosme
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-8399 MEDIUM This Month

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Firefox Focus
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-45305 Cargo LOW PATCH Monitor

gix-path is a crate of the gitoxide project dealing with git paths and their conversions. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure
NVD GitHub
CVSS 3.1
2.5
EPSS
0.2%
CVE-2024-41918 MEDIUM This Month

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google Ichiba
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43913 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Apple Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-8011 LOW Monitor

Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Options
NVD
CVSS 4.0
2.0
EPSS
0.1%
CVE-2024-7651 MEDIUM PATCH This Month

The App Builder - Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Google SQLi Apple WordPress App Builder
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2024-43357 HIGH This Week

ECMA-262 is the language specification for the scripting language ECMAScript. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Mozilla
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-7628 HIGH PATCH This Week

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Apple WordPress Google Mstore Api
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-42441 MEDIUM This Month

Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-42440 MEDIUM This Month

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-42439 MEDIUM This Month

Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit Workplace Desktop
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38197 MEDIUM PATCH This Month

Microsoft Teams for iOS Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Microsoft Teams
NVD
CVSS 3.1
6.5
EPSS
16.1%
CVE-2024-7533 HIGH This Week

Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-42219 HIGH This Week

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Hashicorp Information Disclosure 1Password
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-42218 MEDIUM This Month

1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass Apple Hashicorp 1Password
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-6988 HIGH This Week

Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43113 MEDIUM This Month

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-43112 MEDIUM This Month

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-43111 MEDIUM This Month

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-23483 CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Command Injection Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-23460 HIGH This Week

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack RCE Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-41955 PyPI MEDIUM POC PATCH This Month

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apple Open Redirect Google Microsoft Mobile Security Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-40836 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40835 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40834 MEDIUM This Month

This issue was addressed by adding an additional prompt for user consent. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-40833 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40832 LOW Monitor

The issue was addressed with improved checks. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-40829 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Use After Free Memory Corruption Information Disclosure Ipados +3
NVD VulDB
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-40828 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-40827 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40824 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40823 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40822 LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-40821 HIGH This Week

An access issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40818 MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-40817 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari macOS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40816 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40815 HIGH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Authentication Bypass Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
7.5
EPSS
7.2%
CVE-2024-40814 HIGH This Week

A downgrade issue was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40813 MEDIUM This Month

A lock screen issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Watchos
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-40812 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-40811 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40809 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-40807 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40806 MEDIUM This Month

An out-of-bounds read issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40805 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40804 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40803 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-40802 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-40800 MEDIUM This Month

An input validation issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40799 HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40798 LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was addressed with improved validation of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds write issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A privacy issue was addressed by moving sensitive data to a protected location. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 3.3
LOW Monitor

This issue was addressed with improved data protection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A privacy issue was addressed with improved handling of files. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +6
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Apple Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Ipados +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apple WordPress +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress PHP +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Command Injection +2
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Command Injection +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Outlook for iOS Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Apple Information Disclosure +2
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Fortinet Information Disclosure +1
NVD
EPSS 0% CVSS 2.0
LOW POC Monitor

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Apple +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Firefox Focus
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

gix-path is a crate of the gitoxide project dealing with git paths and their conversions. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Apple Information Disclosure Linux +1
NVD
EPSS 0% CVSS 2.0
LOW Monitor

Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Options
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

The App Builder - Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Google SQLi Apple +2
NVD
EPSS 1% CVSS 8.6
HIGH This Week

ECMA-262 is the language specification for the scripting language ECMAScript. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Apple WordPress +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit +1
NVD
EPSS 16% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Teams for iOS Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Hashicorp Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass Apple Hashicorp +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Command Injection Client Connector
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack RCE +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apple Open Redirect Google +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +3
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

This issue was addressed by adding an additional prompt for user consent. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

The issue was addressed with improved checks. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

An access issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +3
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 7% CVSS 7.5
HIGH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Authentication Bypass +5
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

A downgrade issue was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

A lock screen issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +6
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An input validation issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +6
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
Prev Page 22 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy