Skip to main content

Apple

8071 CVEs vendor

Monthly

CVE-2025-43482 MEDIUM This Month

Denial-of-service vulnerability in Apple macOS allows local authenticated applications to crash the system or specific services through improper input validation. Affects macOS Sequoia (before 15.7.3), Sonoma (before 14.8.3), and Tahoe (before 26.2). Attack requires local access and low privileges but no user interaction; however, real-world risk is minimal with EPSS probability of 0.02% and no public exploit identified.

Apple macOS Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43463 MEDIUM This Month

Path traversal vulnerability in macOS directory path handling allows local apps with user privileges to read sensitive user data through improper path validation. Affects macOS Sequoia (before 15.7.3), Sonoma (before 14.8.3), and Tahoe (before 26.1). EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite moderate CVSS severity.

Apple macOS Path Traversal Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43416 MEDIUM This Month

Local authenticated applications can access protected user data on macOS due to improper access control restrictions (CWE-284). This affects macOS Sequoia, Sonoma, and Tahoe across multiple versions and is fixed in Sequoia 15.7.3, Sonoma 14.8.3, and Tahoe 26.2. The vulnerability requires local access and authenticated user privileges to exploit, limiting real-world risk despite the confidentiality impact; no public exploit code or confirmed active exploitation has been identified.

Apple macOS Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43410 LOW Monitor

Improper cache handling in macOS allows attackers with physical access to recover deleted notes from memory. The vulnerability affects macOS Sequoia (before 15.7.2), macOS Sonoma (before 14.8.2), and macOS Tahoe (before 26.2), exposing sensitive user data through inadequate data sanitization. No public exploit code has been identified, and the extremely low EPSS score (0.02%) reflects the requirement for physical device access, making real-world exploitation unlikely outside of targeted scenarios involving stolen or temporarily compromised hardware.

Apple macOS Information Disclosure
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-43402 HIGH This Week

Memory corruption in macOS kernel allows authenticated local users to execute arbitrary code or crash the system. Apple fixed the vulnerability via improved memory handling in macOS Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26.1. With CVSS 7.8 (High severity) reflecting local attack vector requiring low privileges, and EPSS at 0.01% (2nd percentile), this represents a moderate real-world risk despite high CVSS scoring. No public exploit identified at time of analysis, and no evidence of active exploitation (not in CISA KEV).

Apple macOS Memory Corruption Denial Of Service
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43320 HIGH This Week

macOS launch constraint bypass enables authenticated local users to execute code with elevated privileges on macOS Sequoia (up to 15.7.2) and macOS Tahoe (pre-26). The vulnerability requires low-complexity exploitation by a user with existing local access, allowing them to circumvent Apple's launch constraint security framework and achieve full system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis, with EPSS indicating only 0.02% probability of exploitation in the wild (5th percentile).

Apple macOS Privilege Escalation RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-62223 MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

Microsoft Authentication Bypass Apple Edge Chromium iOS
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-66555 HIGH POC This Week

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control.

Authentication Bypass Apple iOS
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-12385 HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Microsoft Apple Google Denial Of Service Ubuntu +4
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-65843 HIGH POC This Week

Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the ~/Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius recursively enumerates logs using a JUCE directory iterator configured to follow symlinks, and later writes file data without validating whether the target is a symbolic link. A local attacker can exploit this behavior by planting symlinks to arbitrary filesystem locations, resulting in unauthorized disclosure or modification of arbitrary files. When chained with the associated HelperTool privilege escalation issue, root-owned files may also be exposed.

Privilege Escalation Apple Aquarius macOS
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-65842 MEDIUM POC This Month

The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell.

Privilege Escalation Apple Aquarius Helpertool macOS
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-65841 MEDIUM POC This Month

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate recovery of the plaintext value. Any attacker who can read this settings file can fully compromise the victim's Aquarius account by importing the stolen configuration into their own client or login through the vendor website. This results in complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform authenticated actions as the user.

Authentication Bypass Apple Aquarius
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-62686 MEDIUM POC This Month

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges.

Privilege Escalation Apple RCE Installation Manager macOS
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-55076 MEDIUM POC This Month

A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.

Privilege Escalation Apple Installation Manager macOS
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-7007 HIGH POC This Week

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

Microsoft Denial Of Service Null Pointer Dereference Apple Windows +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-8351 HIGH PATCH This Week

Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.

Heap Overflow Buffer Overflow Apple
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61229 HIGH This Week

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

Privilege Escalation Apple Superduper
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10101 HIGH PATCH This Week

Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.

Heap Overflow Denial Of Service Buffer Overflow Apple
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-62593 PyPI CRITICAL PATCH Act Now

Ray is an AI compute engine. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Code Injection Mozilla Firefox +2
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-13502 HIGH PATCH This Week

A flaw was found in WebKitGTK and WPE WebKit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12893 LOW Monitor

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Microsoft Information Disclosure MongoDB Windows
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-65947 Cargo HIGH PATCH This Month

thread-amount is a tool that gets the amount of threads in the current process. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Microsoft Windows
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-43374 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Apple Buffer Overflow
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-31266 MEDIUM This Month

A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name This issue is fixed in Safari 18.5, macOS Sequoia 15.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-31248 MEDIUM This Month

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-31216 LOW Monitor

The issue was addressed with improved checks. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-13524 MEDIUM This Month

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Microsoft Information Disclosure Windows macOS
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-62609 PyPI MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apple Mlx Red Hat
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-62608 PyPI MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Buffer Overflow Heap Overflow Mlx +1
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-64524 LOW POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Apple Buffer Overflow RCE Heap Overflow Cups Filters +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-34324 HIGH POC This Month

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack RCE Apple Microsoft Gosign +2
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-55179 MEDIUM This Month

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Whatsapp Whatsapp Business iOS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-60022 LOW Monitor

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2024-9126 HIGH POC This Month

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Apple Memory Corruption Denial Of Service Use After Free +2
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-13983 MEDIUM POC This Month

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Apple Google Chrome iOS
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-64738 MEDIUM This Month

External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meeting Software Development Kit Workplace Desktop macOS
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-30662 MEDIUM This Month

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Workplace Virtual Desktop Infrastructure macOS
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-64711 PHP LOW POC PATCH Monitor

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. Public exploit code available.

File Upload Apple Microsoft XSS Privatebin +2
NVD GitHub
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-64503 MEDIUM POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Apple Buffer Overflow Cups Filters Libcupsfilters +3
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43205 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-27918 CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Apple Integer Overflow Microsoft +5
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-27917 HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Google Apple Null Pointer Dereference Microsoft +6
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-43418 MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2023-43000 HIGH POC KEV PATCH THREAT Act Now

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption Buffer Overflow Apple Use After Free Safari +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2025-43507 MEDIUM This Month

A privacy issue was addressed by moving sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43503 MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43502 HIGH This Week

A privacy issue was addressed by removing sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43500 HIGH This Week

A privacy issue was addressed with improved handling of user preferences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43499 MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43498 MEDIUM This Month

An authorization issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43496 HIGH This Week

The issue was addressed by adding additional logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43495 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-43493 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43481 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-43480 HIGH PATCH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Apple Information Disclosure Red Hat Suse
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-43479 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43478 MEDIUM This Month

A use after free issue was addressed with improved memory management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple Use After Free
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43477 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43476 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43474 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43472 HIGH This Week

A validation issue was addressed with improved input sanitization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43469 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43468 MEDIUM PATCH This Month

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Jwt Attack Intel Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43462 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43460 MEDIUM Monitor

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43459 MEDIUM Monitor

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Watchos
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43458 MEDIUM PATCH This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-43457 MEDIUM PATCH This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple Use After Free Ipados +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43455 MEDIUM This Month

A privacy issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43454 HIGH This Month

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43452 MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43450 HIGH This Month

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43449 HIGH This Month

The issue was addressed with improved handling of caches. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43448 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-43447 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43446 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43445 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43444 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-43443 MEDIUM PATCH This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43442 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os iOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43441 MEDIUM PATCH This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os Tvos +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43440 MEDIUM PATCH This Month

This issue was addressed with improved checks This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43439 MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43438 MEDIUM PATCH This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple Use After Free Ipados +3
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43436 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-43435 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43434 MEDIUM PATCH This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple Use After Free Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43433 HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43432 MEDIUM PATCH This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple Use After Free Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43431 HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial-of-service vulnerability in Apple macOS allows local authenticated applications to crash the system or specific services through improper input validation. Affects macOS Sequoia (before 15.7.3), Sonoma (before 14.8.3), and Tahoe (before 26.2). Attack requires local access and low privileges but no user interaction; however, real-world risk is minimal with EPSS probability of 0.02% and no public exploit identified.

Apple macOS Denial Of Service
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Path traversal vulnerability in macOS directory path handling allows local apps with user privileges to read sensitive user data through improper path validation. Affects macOS Sequoia (before 15.7.3), Sonoma (before 14.8.3), and Tahoe (before 26.1). EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite moderate CVSS severity.

Apple macOS Path Traversal +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Local authenticated applications can access protected user data on macOS due to improper access control restrictions (CWE-284). This affects macOS Sequoia, Sonoma, and Tahoe across multiple versions and is fixed in Sequoia 15.7.3, Sonoma 14.8.3, and Tahoe 26.2. The vulnerability requires local access and authenticated user privileges to exploit, limiting real-world risk despite the confidentiality impact; no public exploit code or confirmed active exploitation has been identified.

Apple macOS Information Disclosure
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper cache handling in macOS allows attackers with physical access to recover deleted notes from memory. The vulnerability affects macOS Sequoia (before 15.7.2), macOS Sonoma (before 14.8.2), and macOS Tahoe (before 26.2), exposing sensitive user data through inadequate data sanitization. No public exploit code has been identified, and the extremely low EPSS score (0.02%) reflects the requirement for physical device access, making real-world exploitation unlikely outside of targeted scenarios involving stolen or temporarily compromised hardware.

Apple macOS Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in macOS kernel allows authenticated local users to execute arbitrary code or crash the system. Apple fixed the vulnerability via improved memory handling in macOS Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26.1. With CVSS 7.8 (High severity) reflecting local attack vector requiring low privileges, and EPSS at 0.01% (2nd percentile), this represents a moderate real-world risk despite high CVSS scoring. No public exploit identified at time of analysis, and no evidence of active exploitation (not in CISA KEV).

Apple macOS Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

macOS launch constraint bypass enables authenticated local users to execute code with elevated privileges on macOS Sequoia (up to 15.7.2) and macOS Tahoe (pre-26). The vulnerability requires low-complexity exploitation by a user with existing local access, allowing them to circumvent Apple's launch constraint security framework and achieve full system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis, with EPSS indicating only 0.02% probability of exploitation in the wild (5th percentile).

Apple macOS Privilege Escalation +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

Microsoft Authentication Bypass Apple +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control.

Authentication Bypass Apple iOS
NVD Exploit-DB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Microsoft Apple Google +6
NVD
EPSS 0% CVSS 7.7
HIGH POC This Week

Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the ~/Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius recursively enumerates logs using a JUCE directory iterator configured to follow symlinks, and later writes file data without validating whether the target is a symbolic link. A local attacker can exploit this behavior by planting symlinks to arbitrary filesystem locations, resulting in unauthorized disclosure or modification of arbitrary files. When chained with the associated HelperTool privilege escalation issue, root-owned files may also be exposed.

Privilege Escalation Apple Aquarius +1
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell.

Privilege Escalation Apple Aquarius Helpertool +1
NVD
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate recovery of the plaintext value. Any attacker who can read this settings file can fully compromise the victim's Aquarius account by importing the stolen configuration into their own client or login through the vendor website. This results in complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform authenticated actions as the user.

Authentication Bypass Apple Aquarius
NVD
EPSS 0% CVSS 6.2
MEDIUM POC This Month

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges.

Privilege Escalation Apple RCE +2
NVD
EPSS 0% CVSS 6.2
MEDIUM POC This Month

A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.

Privilege Escalation Apple Installation Manager +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

Microsoft Denial Of Service Null Pointer Dereference +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.

Heap Overflow Buffer Overflow Apple
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

Privilege Escalation Apple Superduper
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Ray is an AI compute engine. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Code Injection +4
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A flaw was found in WebKitGTK and WPE WebKit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Microsoft Information Disclosure +2
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Month

thread-amount is a tool that gets the amount of threads in the current process. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Microsoft +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name This issue is fixed in Safari 18.5, macOS Sequoia 15.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple
NVD
EPSS 0% CVSS 2.4
LOW Monitor

The issue was addressed with improved checks. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Microsoft Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apple +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Buffer Overflow +3
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Apple Buffer Overflow RCE +3
NVD GitHub
EPSS 0% CVSS 7.0
HIGH POC This Month

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack RCE Apple +4
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Whatsapp +2
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Apple Memory Corruption +4
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Apple Google +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meeting Software Development Kit +2
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Workplace Virtual Desktop Infrastructure +1
NVD
EPSS 0% CVSS 3.9
LOW POC PATCH Monitor

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. Public exploit code available.

File Upload Apple Microsoft +4
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Apple Buffer Overflow +5
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Apple +7
NVD
EPSS 1% CVSS 7.5
HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Google Apple +8
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% 4.8 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption Buffer Overflow Apple +8
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A privacy issue was addressed by moving sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Privilege Escalation
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A privacy issue was addressed by removing sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A privacy issue was addressed with improved handling of user preferences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An authorization issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The issue was addressed by adding additional logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Apple Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A use after free issue was addressed with improved memory management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A validation issue was addressed with improved input sanitization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Jwt Attack Intel Apple +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Watchos
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH This Month

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

The issue was addressed with improved handling of caches. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

This issue was addressed with improved checks This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Red Hat +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow +2
NVD
Prev Page 9 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy