447
CVEs
26
Critical
123
High
4
KEV
20
PoC
126
Unpatched C/H
15.7%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
26
HIGH
123
MEDIUM
259
LOW
37
Monthly CVE Trend
Affected Products (30)
macOS
390
iOS
240
Memory Corruption
81
Ipados
78
Iphone Os
73
Windows
46
Safari
36
Android
34
Open Redirect
32
Ios Xe
31
Visionos
26
Use After Free
23
Tvos
23
Watchos
23
Command Injection
19
Firefox
17
Race Condition
15
Ios Xr
13
Null Pointer Dereference
12
Python
9
Node.js
8
Docker
8
Integer Overflow
7
Jwt Attack
7
PHP
7
Chrome
7
Linux Kernel
7
Ubuntu
6
Virtual Appliance Host
5
Virtual Appliance Application
5
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20700 | Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary. | HIGH | 7.8 | 0.4% | 109 |
KEV
PoC
No patch
|
| CVE-2025-43510 | Apple kernel lock state checking flaw allows a malicious application to cause unexpected changes in memory shared between processes, potentially enabling cross-process data manipulation on iOS, macOS, and other Apple platforms. | HIGH | 7.8 | 0.0% | 109 |
KEV
PoC
No patch
|
| CVE-2025-43520 | Apple kernel memory corruption in multiple operating systems allows a malicious application to cause unexpected system termination or write kernel memory via an out-of-bounds write flaw addressed in watchOS 26.1, iOS 18.7.2, and macOS Tahoe 26.1. | MEDIUM | 5.5 | 0.0% | 98 |
KEV
PoC
No patch
|
| CVE-2025-43529 | WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users. | HIGH | 8.8 | 0.1% | 94 |
KEV
|
| CVE-2025-66555 | AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control. | HIGH | 8.8 | 0.4% | 64 |
PoC
No patch
|
| CVE-2025-65843 | Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the ~/Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius recursively enumerates logs using a JUCE directory iterator configured to follow symlinks, and later writes file data without validating whether the target is a symbolic link. A local attacker can exploit this behavior by planting symlinks to arbitrary filesystem locations, resulting in unauthorized disclosure or modification of arbitrary files. When chained with the associated HelperTool privilege escalation issue, root-owned files may also be exposed. | HIGH | 7.7 | 0.0% | 59 |
PoC
No patch
|
| CVE-2025-7007 | NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3. | HIGH | 7.5 | 0.0% | 58 |
PoC
No patch
|
| CVE-2025-65841 | Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate recovery of the plaintext value. Any attacker who can read this settings file can fully compromise the victim's Aquarius account by importing the stolen configuration into their own client or login through the vendor website. This results in complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform authenticated actions as the user. | MEDIUM | 6.2 | 0.1% | 51 |
PoC
No patch
|
| CVE-2025-62686 | A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges. | MEDIUM | 6.2 | 0.0% | 51 |
PoC
No patch
|
| CVE-2025-55076 | A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges. | MEDIUM | 6.2 | 0.0% | 51 |
PoC
No patch
|
| CVE-2026-31852 | Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0. | CRITICAL | 10.0 | 0.1% | 50 |
No patch
|
| CVE-2025-43428 | Unauthenticated access to Hidden Photos Album in Apple iOS, iPadOS, macOS, and visionOS allows remote attackers to view protected photos without authentication due to a configuration flaw. Fixed in iOS/iPadOS 26.2, macOS Tahoe 26.2, and visionOS 26.2. CVSS 9.8 (Critical) reflects network-based unauthenticated access, though EPSS of 0.13% (32nd percentile) suggests low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. This represents a privacy-critical authentication bypass affecting Apple's Photos app across all major platforms. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2026-2634 | Address bar spoofing in Firefox before 148 allows malicious scripts to desynchronize the displayed URL from actual web content before receiving a response, enabling phishing attacks. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2025-43526 | Apple Safari and macOS Lockdown Mode can be bypassed to access restricted Web APIs through maliciously crafted file URLs due to insufficient URL validation. Affects Safari 26.2 and macOS Tahoe 26.2 on systems with Lockdown Mode enabled. Remote attackers can potentially execute high-impact attacks leveraging APIs meant to be restricted in high-security configurations. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis. This represents a serious compromise of Apple's enhanced security feature designed to protect high-risk users from targeted attacks. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2026-28858 | Insufficient bounds checking in Apple iOS and iPadOS 26.4 allows unauthenticated remote attackers to trigger buffer overflow conditions that corrupt kernel memory or cause system crashes without user interaction. This critical vulnerability affects all devices running the affected OS versions and has no available patch. An attacker can exploit this flaw over the network to achieve denial of service or potentially escalate privileges through kernel memory corruption. | CRITICAL | 9.8 | 0.0% | 49 |
No patch
|