Skip to main content

Apple

Vendor security scorecard – 8066 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 31060
8066
CVEs
684
Critical
3168
High
132
KEV
616
PoC
3417
Unpatched C/H
12.5%
Patch Rate
1.5%
Avg EPSS

Severity Breakdown

CRITICAL
684
HIGH
3168
MEDIUM
3744
LOW
469

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2017-3881 A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. CRITICAL 9.8 94.3% 213
KEV PoC No patch
CVE-2016-4657 WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. HIGH 8.8 77.1% 206
KEV PoC No patch
CVE-2017-6736 The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. HIGH 8.8 89.0% 203
KEV PoC No patch
CVE-2016-6415 The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. HIGH 7.5 93.0% 200
KEV PoC No patch
CVE-2016-4655 The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. MEDIUM 5.5 81.7% 194
KEV PoC No patch
CVE-2016-4656 The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. HIGH 7.8 66.7% 191
KEV PoC No patch
CVE-2014-4404 Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. HIGH 7.8 62.0% 186
KEV PoC No patch
CVE-2013-1017 Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 81.3%. CRITICAL 9.3 81.3% 163
PoC No patch
CVE-2012-3752 Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 79.1%. CRITICAL 9.3 79.1% 161
PoC No patch
CVE-2012-3753 Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 78.1%. CRITICAL 9.3 78.1% 160
PoC No patch
CVE-2017-13872 An issue was discovered in certain Apple products. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 76.7%. HIGH 8.1 76.7% 152
PoC No patch
CVE-2012-0663 Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 69.6%. CRITICAL 9.3 69.6% 151
PoC No patch
CVE-2015-7007 Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.2%. HIGH 7.5 78.2% 151
PoC No patch
CVE-2025-24085 Apple CoreMedia contains a use-after-free vulnerability allowing malicious applications to elevate privileges, exploited in the wild against iOS versions before iOS 17.2 as part of targeted surveillance operations. CRITICAL 10.0 25.2% 145
KEV PoC No patch
CVE-2015-1130 The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. HIGH 7.8 20.4% 144
KEV PoC No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy