Export limit exceeded: 347143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347143 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31240 | 1 Apple | 1 Macos | 2026-04-28 | 7.5 High |
| This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. Mounting a maliciously crafted AFP network share may lead to system termination. | ||||
| CVE-2025-31217 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2026-04-28 | 6.5 Medium |
| The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2025-24111 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-28 | 5.5 Medium |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-31256 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes. | ||||
| CVE-2025-24258 | 1 Apple | 1 Macos | 2026-04-28 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to gain root privileges. | ||||
| CVE-2025-24183 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local user may be able to modify protected parts of the file system. | ||||
| CVE-2025-31263 | 1 Apple | 1 Macos | 2026-04-28 | 9.1 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory. | ||||
| CVE-2025-31198 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A path handling issue was addressed with improved validation. | ||||
| CVE-2025-31264 | 1 Apple | 1 Macos | 2026-04-28 | 4.6 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2025-31199 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-28 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-31231 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information. | ||||
| CVE-2026-33694 | 1 Tenable | 2 Nessus, Nessus Agent | 2026-04-28 | N/A |
| This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges. | ||||
| CVE-2025-49552 | 3 Adobe, Apple, Microsoft | 3 Connect, Macos, Windows | 2026-04-28 | 8.1 High |
| Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed. | ||||
| CVE-2025-31261 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data. | ||||
| CVE-2025-43200 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2026-04-28 | 4.2 Medium |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | ||||
| CVE-2025-48700 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra | 2026-04-28 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction. | ||||
| CVE-2026-21728 | 1 Grafana | 1 Tempo | 2026-04-28 | 7.5 High |
| Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18). | ||||
| CVE-2026-25035 | 2 Wasiliy Strecker / Contestgallery Developer, Wordpress | 2 Contest Gallery, Wordpress | 2026-04-28 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through <= 28.1.2.2. | ||||
| CVE-2025-31267 | 1 Apple | 1 App Store Connect | 2026-04-28 | 4.6 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information. | ||||
| CVE-2025-43235 | 1 Apple | 2 Macos, Macos Sequoia | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause a denial-of-service. | ||||