Filtered by vendor Apple
Subscriptions
Total
12831 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43353 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-09-26 | 5.5 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption. | ||||
| CVE-2025-30438 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-09-26 | 5.5 Medium |
| This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started. | ||||
| CVE-2025-43349 | 1 Apple | 10 Ios, Ipados, Iphone Os and 7 more | 2025-09-26 | 2.8 Low |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted video file may lead to unexpected app termination. | ||||
| CVE-2025-43346 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-09-26 | 5.5 Medium |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, iOS 18.7 and iPadOS 18.7, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2025-43276 | 1 Apple | 2 Macos, Macos Sequoia | 2025-09-25 | 5.3 Medium |
| A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time. | ||||
| CVE-2025-1398 | 2 Apple, Mattermost | 3 Macos, Mattermost, Mattermost Desktop | 2025-09-25 | 3.3 Low |
| Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection. | ||||
| CVE-2025-10500 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-25 | 8.8 High |
| Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-10501 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-25 | 8.8 High |
| Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-10502 | 4 Apple, Google, Linux and 1 more | 5 Macos, Angle, Chrome and 2 more | 2025-09-25 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High) | ||||
| CVE-2025-10890 | 4 Apple, Google, Linux and 1 more | 5 Macos, Chrome, V8 and 2 more | 2025-09-25 | 9.1 Critical |
| Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-10891 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-25 | 8.8 High |
| Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-10892 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-25 | 8.8 High |
| Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-10906 | 2 Apple, Magnetism Studios | 2 Macos, Endurance | 2025-09-25 | 8.4 High |
| A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used. | ||||
| CVE-2025-23249 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-24 | 7.6 High |
| NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2025-23250 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-24 | 7.6 High |
| NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2025-23251 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-24 | 7.6 High |
| NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2025-23304 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-24 | 7.8 High |
| NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering. | ||||
| CVE-2025-23303 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-23 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2025-23360 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-23 | 7.1 High |
| NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering. | ||||
| CVE-2025-43368 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2025-09-23 | 4.3 Medium |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||