Skip to main content

macOS

2033 CVEs product

Monthly

CVE-2025-30415 HIGH PATCH This Week

A denial of service vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Microsoft Apple Denial Of Service Windows macOS
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-31263 CRITICAL This Week

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow macOS
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-31231 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5334 HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass Apple Remote Desktop Manager +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-4081 MEDIUM Monitor

Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4412 MEDIUM Monitor

On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency,. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4280 MEDIUM Monitor

MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Python macOS
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-48064 LOW Monitor

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Apple Windows macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-4641 Maven CRITICAL PATCH Act Now

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Microsoft Java Apple Windows +1
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-0135 MEDIUM This Month

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Paloalto Google Microsoft +5
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2025-31260 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31258 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31256 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31250 MEDIUM This Month

An information disclosure issue was addressed with improved privacy controls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31249 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31246 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow macOS
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-31244 HIGH This Week

A file quarantine bypass was addressed with additional checks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-31236 MEDIUM This Month

An information disclosure issue was addressed with improved privacy controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31218 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-31195 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-24222 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow macOS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-1079 HIGH POC This Week

Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Google Information Disclosure Web Designer macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47274 LOW Monitor

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD GitHub
CVSS 4.0
2.4
EPSS
0.0%
CVE-2025-26168 HIGH This Week

IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Apple RCE Privilege Escalation macOS
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-4095 MEDIUM This Month

Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Docker macOS
NVD
CVSS 4.0
4.3
EPSS
0.1%
CVE-2025-31202 MEDIUM This Month

A null pointer dereference was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46328 npm LOW PATCH Monitor

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Snowflake Connector macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-46327 Go LOW PATCH Monitor

gosnowflake is the Snowflake Golang driver. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Gosnowflake macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-46326 NuGet LOW PATCH Monitor

snowflake-connector-net is the Snowflake Connector for .NET. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Snowflake Connector macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-13177 MEDIUM This Month

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. Rated medium severity (CVSS 5.2). No vendor patch available.

Privilege Escalation macOS
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2023-42983 MEDIUM This Month

Processing a file may lead to a denial-of-service or potentially disclose memory contents. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service macOS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-42982 MEDIUM This Month

Processing a file may lead to a denial-of-service or potentially disclose memory contents. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Buffer Overflow Apple macOS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-42981 MEDIUM This Month

Processing a file may lead to a denial-of-service or potentially disclose memory contents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-42977 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipad Os Iphone Os macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42970 HIGH PATCH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE Apple Safari +8
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-42969 LOW Monitor

An app may be able to break out of its sandbox. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-42961 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Path Traversal Ipados Iphone Os macOS +1
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-42875 HIGH PATCH This Week

Processing web content may lead to arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Apple Safari Ipados +7
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-41076 HIGH This Week

An app may be able to elevate privileges. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-38614 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os macOS +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30370 PyPI HIGH PATCH This Week

jupyterlab-git is a JupyterLab extension for version control using Git. Rated high severity (CVSS 7.4). No vendor patch available.

Apple Command Injection macOS Red Hat
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-31192 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-30463 MEDIUM This Month

The issue was addressed with improved restriction of data container access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30461 CRITICAL Act Now

An access issue was addressed with additional sandbox restrictions on the system pasteboards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-30458 CRITICAL Act Now

A permissions issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple macOS
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-30455 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30451 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30437 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Buffer Overflow macOS
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2025-30435 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24282 MEDIUM This Month

A library injection issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24281 MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24280 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24269 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service macOS
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-24263 CRITICAL Act Now

A privacy issue was addressed by moving sensitive data to a protected location. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-24262 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24248 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-24245 CRITICAL Act Now

This issue was addressed by adding a delay between verification code attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-24242 MEDIUM This Month

This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24239 MEDIUM This Month

A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-24236 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24218 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24204 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-24202 MEDIUM This Month

A logging issue was addressed with improved data redaction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24196 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple macOS
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-24191 MEDIUM This Month

The issue was addressed with improved validation of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-2098 HIGH This Week

Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2023-28207 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-44305 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44199 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple macOS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-54565 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-54559 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-1398 npm LOW PATCH Monitor

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mattermost Desktop macOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-30074 HIGH This Week

Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine. Rated high severity (CVSS 7.8). No vendor patch available.

Apple Intel Authentication Bypass Privilege Escalation macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0117 HIGH This Week

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Paloalto Google Privilege Escalation Microsoft +4
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-29903 MEDIUM This Month

In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Runtime macOS
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2022-48610 MEDIUM This Month

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. [CVSS 5.5 MEDIUM]

Denial Of Service macOS iOS Apple
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-43454 HIGH This Week

A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. [CVSS 7.8 HIGH]

Linux Denial Of Service macOS iOS Apple
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-54558 LOW Monitor

A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.8 LOW]

Denial Of Service macOS iOS Apple
NVD
CVSS 3.1
2.8
EPSS
0.1%
CVE-2024-54546 HIGH This Week

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. [CVSS 7.5 HIGH]

Linux macOS Apple
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54473 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54463 MEDIUM This Month

This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44227 HIGH This Week

The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 7.5 HIGH]

Linux Denial Of Service Apple macOS iOS
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-44179 LOW Monitor

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.4 LOW]

Denial Of Service Apple macOS iOS
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-1413 HIGH This Week

DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-27148 HIGH PATCH This Week

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Java Apple Windows +3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-45418 MEDIUM This Month

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Meeting Software Development Kit Rooms Video Software Development Kit +2
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45417 MEDIUM This Month

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meeting Software Development Kit Rooms Video Software Development Kit +2
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-3220 LOW Monitor

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure Apple Windows +1
NVD
CVSS 4.0
2.3
EPSS
0.3%
CVE-2024-56180 Maven CRITICAL PATCH Act Now

g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apache Deserialization Eventmesh Windows +1
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-3432 MEDIUM This Month

A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Anyconnect Secure Mobility Client macOS
NVD
CVSS 3.1
5.6
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Microsoft Apple Denial Of Service +2
NVD
EPSS 0% CVSS 9.1
CRITICAL This Week

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass +6
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency,. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Python +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Apple +2
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Microsoft Java +3
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM This Month

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Paloalto +7
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An information disclosure issue was addressed with improved privacy controls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow macOS
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A file quarantine bypass was addressed with additional checks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An information disclosure issue was addressed with improved privacy controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow macOS
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Google Information Disclosure +2
NVD
EPSS 0% CVSS 2.4
LOW Monitor

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Apple RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Docker +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A null pointer dereference was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service +6
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Snowflake Connector +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

gosnowflake is the Snowflake Golang driver. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Gosnowflake +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

snowflake-connector-net is the Snowflake Connector for .NET. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Snowflake Connector +1
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM This Month

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. Rated medium severity (CVSS 5.2). No vendor patch available.

Privilege Escalation macOS
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Processing a file may lead to a denial-of-service or potentially disclose memory contents. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service macOS
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Processing a file may lead to a denial-of-service or potentially disclose memory contents. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Buffer Overflow Apple +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Processing a file may lead to a denial-of-service or potentially disclose memory contents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipad Os +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE +10
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An app may be able to break out of its sandbox. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +3
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Path Traversal Ipados +3
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Processing web content may lead to arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Apple +9
NVD
EPSS 0% CVSS 7.3
HIGH This Week

An app may be able to elevate privileges. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +3
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

jupyterlab-git is a JupyterLab extension for version control using Git. Rated high severity (CVSS 7.4). No vendor patch available.

Apple Command Injection macOS +1
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved restriction of data container access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An access issue was addressed with additional sandbox restrictions on the system pasteboards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A permissions issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 7.4
HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Buffer Overflow macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A library injection issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service macOS
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A privacy issue was addressed by moving sensitive data to a protected location. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

This issue was addressed by adding a delay between verification code attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logging issue was addressed with improved data redaction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved validation of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mattermost Desktop +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine. Rated high severity (CVSS 7.8). No vendor patch available.

Apple Intel Authentication Bypass +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Paloalto Google +6
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Runtime +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. [CVSS 5.5 MEDIUM]

Denial Of Service macOS iOS +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. [CVSS 7.8 HIGH]

Linux Denial Of Service macOS +2
NVD
EPSS 0% CVSS 2.8
LOW Monitor

A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.8 LOW]

Denial Of Service macOS iOS +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. [CVSS 7.5 HIGH]

Linux macOS Apple
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Information Disclosure macOS
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 7.5 HIGH]

Linux Denial Of Service Apple +2
NVD
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.4 LOW]

Denial Of Service Apple macOS +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Java +5
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Meeting Software Development Kit +4
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meeting Software Development Kit +4
NVD
EPSS 0% CVSS 2.3
LOW Monitor

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure +3
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apache Deserialization +3
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Anyconnect Secure Mobility Client +1
NVD
Prev Page 4 of 23 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy