- CVEs: 485
- Critical: 31
- High: 171
- KEV: 4
- PoC: 15
- Unpatched C/H (Critical/High): 66
- Patch Rate: 62.5%
- Avg EPSS: 0.0%
Severity Breakdown

- CRITICAL: 31
- HIGH: 171
- MEDIUM: 247
- LOW: 35
Monthly CVE Trend (chart; no data survives in this extract)
Affected Products (30)

- macOS: 370
- iOS: 210
- iPadOS: 79
- iPhone OS: 74
- Windows: 46
- Open Redirect: 32
- IOS XE: 31
- Android: 31
- Safari: 29
- visionOS: 26
- tvOS: 23
- watchOS: 23
- Python: 22
- Docker: 15
- Node.js: 14
- IOS XR: 13
- PHP: 10
- JWT Attack: 7
- Chrome: 7
- Linux Kernel: 7
- Ubuntu: 6
- Virtual Appliance Application: 5
- Virtual Appliance Host: 5
- Mobile Security Framework: 4
- Meeting Software Development Kit: 4
- Java: 4
- Workplace Desktop: 4
- PostgreSQL: 3
- Video Software Development Kit: 3
- Rooms: 3
Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20700 | Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed, with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary. | HIGH | 7.8 | 0.4% | 109 | KEV, PoC, No patch |
| CVE-2025-43510 | Apple kernel lock state checking flaw allows a malicious application to cause unexpected changes in memory shared between processes, potentially enabling cross-process data manipulation on iOS, macOS, and other Apple platforms. | HIGH | 7.8 | 0.0% | 109 | KEV, PoC, No patch |
| CVE-2025-43520 | Apple kernel memory corruption in multiple operating systems allows a malicious application to cause unexpected system termination or write kernel memory via an out-of-bounds write flaw addressed in watchOS 26.1, iOS 18.7.2, and macOS Tahoe 26.1. | MEDIUM | 5.5 | 0.0% | 98 | KEV, PoC, No patch |
| CVE-2025-43529 | WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. The EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users. | HIGH | 8.8 | 0.1% | 94 | KEV |
| CVE-2025-66555 | AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real time without user interaction, resulting in full remote input control. | HIGH | 8.8 | 0.4% | 64 | PoC, No patch |
| CVE-2026-24070 | Native Access on macOS allows local authenticated attackers to inject malicious libraries into the privileged XPC helper process due to overly permissive code signing entitlements, enabling arbitrary code execution with system-level privileges. The vulnerability stems from the application being signed with dyld environment variable and library validation bypass entitlements while communicating with a trusted helper that validates only the signing certificate. Public exploit code exists, and no patch is currently available. | HIGH | 8.8 | 0.0% | 64 | PoC, No patch |
| CVE-2026-47114 | Arbitrary command execution in IINA media player for macOS versions prior to 1.4.3 allows remote attackers to run shell commands as the logged-in user by tricking the victim into approving an iina://open URL containing malicious mpv_-prefixed parameters. Publicly available exploit code exists and a vendor patch has been released; exploitation requires a single browser protocol prompt approval (UI:A) but no authentication and no valid media file. | HIGH | 8.6 | 0.2% | 63 | PoC |
| CVE-2025-65843 | Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the ~/Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius recursively enumerates logs using a JUCE directory iterator configured to follow symlinks, and later writes file data without validating whether the target is a symbolic link. A local attacker can exploit this behavior by planting symlinks to arbitrary filesystem locations, resulting in unauthorized disclosure or modification of arbitrary files. When chained with the associated HelperTool privilege escalation issue, root-owned files may also be exposed. | HIGH | 7.7 | 0.0% | 59 | PoC, No patch |
| CVE-2025-7007 | NULL pointer dereference vulnerability in Avast Antivirus on macOS and Avast Antivirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash. This issue affects Antivirus 16.0.0 (macOS) and Antivirus 3.0.3 (Linux). | HIGH | 7.5 | 0.0% | 58 | PoC, No patch |
| CVE-2025-65841 | Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through a predictable byte substitution that can be trivially reversed, allowing immediate recovery of the plaintext value. Any attacker who can read this settings file can fully compromise the victim's Aquarius account by importing the stolen configuration into their own client or logging in through the vendor website. This results in complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform authenticated actions as the user. | MEDIUM | 6.2 | 0.1% | 51 | PoC, No patch |
| CVE-2025-62686 | A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges. | MEDIUM | 6.2 | 0.0% | 51 | PoC, No patch |
| CVE-2025-55076 | A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges. | MEDIUM | 6.2 | 0.0% | 51 | PoC, No patch |
| CVE-2026-31852 | Arbitrary code execution in the Jellyfin iOS GitHub Actions workflow. CVSS 10.0. | CRITICAL | 10.0 | 0.1% | 50 | No patch |
| CVE-2026-39842 | Remote code execution as root in the OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with the write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c | CRITICAL | 9.9 | 0.1% | 50 | |
| CVE-2025-43428 | Unauthenticated access to the Hidden Photos Album in Apple iOS, iPadOS, macOS, and visionOS allows remote attackers to view protected photos without authentication due to a configuration flaw. Fixed in iOS/iPadOS 26.2, macOS Tahoe 26.2, and visionOS 26.2. CVSS 9.8 (Critical) reflects network-based unauthenticated access, though an EPSS of 0.13% (32nd percentile) suggests low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. This represents a privacy-critical authentication bypass affecting Apple's Photos app across all major platforms. | CRITICAL | 9.8 | 0.1% | 49 | No patch |