Filtered by vendor Apple
Subscriptions
Total
13560 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21319 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | 5.5 Medium |
| After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21350 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | 5.5 Medium |
| After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-50891 | 2 Apple, Skyjos | 7 Ipados, Iphone Os, Macos and 4 more | 2026-02-02 | 5 Medium |
| Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers. | ||||
| CVE-2025-46316 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2026-01-30 | 4.3 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, Pages 15.1, macOS Tahoe 26.1. Processing a maliciously crafted Pages document may result in unexpected termination or disclosure of process memory. | ||||
| CVE-2026-0901 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2026-01-30 | 5.4 Medium |
| Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-0907 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 9.8 Critical |
| Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-0906 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2026-01-29 | 9.8 Critical |
| Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-0905 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 9.8 Critical |
| Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium) | ||||
| CVE-2026-0904 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 5.4 Medium |
| Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-0903 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2026-0902 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-50890 | 2 Apple, Skyjos | 7 Ipados, Iphone Os, Macos and 4 more | 2026-01-29 | 7.5 High |
| Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device. | ||||
| CVE-2025-24090 | 1 Apple | 4 Ios, Ipad Os, Ipados and 1 more | 2026-01-27 | 3.3 Low |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2025-24089 | 1 Apple | 4 Ios, Ipad Os, Ipados and 1 more | 2026-01-27 | 5.3 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2024-54556 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2026-01-27 | 2.4 Low |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen. | ||||
| CVE-2024-44210 | 1 Apple | 1 Macos | 2026-01-27 | 3.3 Low |
| This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | ||||
| CVE-2025-31186 | 1 Apple | 1 Xcode | 2026-01-27 | 3.3 Low |
| A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences. | ||||
| CVE-2025-43508 | 1 Apple | 2 Macos, Macos Tahoe | 2026-01-27 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2026-20613 | 1 Apple | 2 Container, Containerization | 2026-01-27 | 7.8 High |
| The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0. | ||||
| CVE-2021-47827 | 2 Apple, Webssh | 2 Ios, Webssh | 2026-01-26 | 7.5 High |
| WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field, causing the application to crash. | ||||