Skip to main content

Apple

8072 CVEs vendor

Monthly

CVE-2024-40796 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-40795 LOW Monitor

This issue was addressed with improved data protection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-40794 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40793 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40789 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Ipados +5
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-40788 MEDIUM This Month

A type confusion issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Memory Corruption Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40787 HIGH This Week

This issue was addressed by adding an additional prompt for user consent. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40786 HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-40785 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Iphone Os Ipados Safari +4
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-40784 MEDIUM This Month

An integer overflow was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Integer Overflow Buffer Overflow Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40783 MEDIUM This Month

The issue was addressed with improved restriction of data container access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40782 MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free Memory Corruption Safari +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-40781 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-40780 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Iphone Os Ipados +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40779 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Iphone Os Ipados +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40778 LOW Monitor

An authentication issue was addressed with improved state management. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Ipados macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-40777 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-40776 MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free Memory Corruption Iphone Os +6
NVD VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-40775 MEDIUM This Month

A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40774 HIGH This Week

A downgrade issue was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS Iphone Os Ipados +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-27888 MEDIUM This Month

A permissions issue was addressed by removing vulnerable code and adding additional checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27887 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27886 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27884 MEDIUM This Month

This issue was addressed with a new entitlement. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Ipados macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27883 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-27882 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-27881 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-27878 MEDIUM This Month

A buffer overflow issue was addressed with improved memory handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow macOS
NVD VulDB
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-27877 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-27873 MEDIUM This Month

An out-of-bounds write issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27872 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27871 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27863 MEDIUM This Month

An information disclosure issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27862 LOW Monitor

A logic issue was addressed with improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple macOS
NVD VulDB
CVSS 3.1
2.4
EPSS
0.2%
CVE-2024-27853 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-27826 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27823 MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-27809 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23261 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-3219 MEDIUM This Month

The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Python Microsoft
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-27358 LOW Monitor

An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-27357 MEDIUM This Month

An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-0981 HIGH This Week

Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) are vulnerable to cross-site scripting. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google Mozilla
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-38680 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Appmaker Appmaker - Convert WooCommerce to Android & iOS Native Mobile Apps allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple WordPress XSS Google
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-34013 HIGH This Week

Local privilege escalation due to OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Privilege Escalation
NVD VulDB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-39820 MEDIUM This Month

Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Workplace Desktop
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-40927 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Denial Of Service Linux Apple +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6328 CRITICAL PATCH Act Now

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Google WordPress Authentication Bypass Mstore Api
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-20456 MEDIUM This Month

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-6222 HIGH This Week

In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Docker Microsoft Desktop
NVD
CVSS 4.0
7.3
EPSS
0.6%
CVE-2024-6600 MEDIUM This Month

Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-34786 MEDIUM This Month

UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Ubiquiti
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-40594 LOW Monitor

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2024-39943 npm HIGH PATCH This Week

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Apple Command Injection Node.js Http File Server
NVD GitHub
CVSS 3.1
8.8
EPSS
48.5%
CVE-2024-39891 MEDIUM KEV THREAT This Month

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Authy Authy Authenticator
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2024-38480 MEDIUM This Month

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-4395 HIGH This Week

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Apple
NVD GitHub
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-35537 HIGH POC This Week

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Google Tvs Connect
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-37885 HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Nextcloud RCE Apple Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-36287 npm LOW PATCH Monitor

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Mattermost Mattermost Desktop
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-38313 MEDIUM This Month

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-38312 MEDIUM This Month

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-30057 MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Microsoft Edge
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-2300 MEDIUM This Month

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure HP Google
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-5739 MEDIUM This Month

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google Line
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27885 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-27857 HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-27855 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure Ipados Iphone Os +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-27851 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-27850 MEDIUM This Month

This issue was addressed with improvements to the noise injection algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-27848 HIGH This Week

This issue was addressed with improved permissions checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27845 LOW Monitor

A privacy issue was addressed with improved handling of temporary files. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-27844 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari macOS Visionos
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27840 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-27838 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-27836 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27833 HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow Safari Ipados +3
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-27832 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27831 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27830 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-27828 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Tvos +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27820 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-27819 LOW Monitor

The issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-27817 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27815 HIGH Act Now

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.3% and no vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +5
NVD VulDB
CVSS 3.1
7.8
EPSS
24.3%
CVE-2024-27814 LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Watchos
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-27811 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27808 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-27807 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-27806 MEDIUM This Month

This issue was addressed with improved environment sanitization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

This issue was addressed with improved data protection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +3
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +7
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A type confusion issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Memory Corruption Information Disclosure +6
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

This issue was addressed by adding an additional prompt for user consent. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Iphone Os +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An integer overflow was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Integer Overflow Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved restriction of data container access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free +8
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +7
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +7
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

An authentication issue was addressed with improved state management. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free +8
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

A downgrade issue was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed by removing vulnerable code and adding additional checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with a new entitlement. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os +5
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow issue was addressed with improved memory handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds write issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Ipados +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An information disclosure issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +5
NVD VulDB
EPSS 0% CVSS 2.4
LOW Monitor

A logic issue was addressed with improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple macOS
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +5
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Python +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) are vulnerable to cross-site scripting. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Appmaker Appmaker - Convert WooCommerce to Android & iOS Native Mobile Apps allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple WordPress XSS +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation due to OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Privilege Escalation
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Workplace Desktop
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Denial Of Service +3
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Google WordPress +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco +1
NVD
EPSS 1% CVSS 7.3
HIGH This Week

In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Docker +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Mozilla +2
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Ubiquiti
NVD
EPSS 0% CVSS 2.3
LOW Monitor

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 48% CVSS 8.8
HIGH PATCH This Week

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Apple Command Injection Node.js +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM KEV THREAT This Month

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google
NVD
EPSS 0% CVSS 7.3
HIGH This Week

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Apple
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Google +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Nextcloud RCE +2
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Mattermost +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure HP +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure +3
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow +7
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

This issue was addressed with improvements to the noise injection algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

This issue was addressed with improved permissions checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

A privacy issue was addressed with improved handling of temporary files. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +2
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +5
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption +5
NVD VulDB
EPSS 2% CVSS 8.8
HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption +6
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +4
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 2.4
LOW Monitor

The issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +4
NVD VulDB
EPSS 24% CVSS 7.8
HIGH Act Now

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.3% and no vendor patch available.

Apple RCE Memory Corruption +7
NVD VulDB
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Watchos
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +5
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +6
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved environment sanitization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +4
NVD VulDB
Prev Page 23 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy