Filtered by vendor Apple
Subscriptions
Total
13194 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30662 | 2 Apple, Zoom | 5 Macos, Workplace, Workplace App and 2 more | 2026-01-09 | 6.6 Medium |
| Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access. | ||||
| CVE-2025-14553 | 3 Apple, Google, Tp-link | 4 Ios, Android, Tapo and 1 more | 2026-01-09 | N/A |
| Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged. | ||||
| CVE-2022-32872 | 1 Apple | 2 Ipados, Iphone Os | 2026-01-07 | 2.4 Low |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen. | ||||
| CVE-2022-32912 | 2 Apple, Redhat | 4 Ipados, Iphone Os, Safari and 1 more | 2026-01-07 | 8.8 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2025-57741 | 2 Apple, Fortinet | 3 Macos, Forticlient, Forticlientmac | 2026-01-07 | 7 High |
| An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking. | ||||
| CVE-2025-64785 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-01-07 | 7.8 High |
| Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-43531 | 1 Apple | 9 Ios, Ipados, Iphone Os and 6 more | 2026-01-07 | 3.1 Low |
| A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43501 | 2 Apple, Webkitgtk | 8 Ios, Ipados, Iphone Os and 5 more | 2026-01-07 | 4.3 Medium |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-14023 | 2 Apple, Linecorp | 2 Ios, Line | 2026-01-07 | 3.1 Low |
| LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions. | ||||
| CVE-2025-14022 | 2 Apple, Linecorp | 2 Ios, Line | 2026-01-07 | 7.7 High |
| LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications. | ||||
| CVE-2025-43538 | 1 Apple | 2 Macos, Macos Sonoma | 2026-01-07 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-55311 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-01-07 | 6.5 Medium |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification by hiding document modifications, allowing an attacker to mislead users about the document's integrity and compromise the trustworthiness of signed PDFs. | ||||
| CVE-2025-14744 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2026-01-06 | 6.5 Medium |
| Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0. | ||||
| CVE-2025-55309 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-01-06 | 6.7 Medium |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes. | ||||
| CVE-2025-66723 | 3 Apple, Inmusicbrands, Microsoft | 3 Macos, Engine Dj Desktop, Windows | 2026-01-05 | 7.5 High |
| inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths. | ||||
| CVE-2025-43320 | 1 Apple | 2 Macos, Macos Sequoia | 2026-01-05 | 7.8 High |
| The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.3. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges. | ||||
| CVE-2025-12843 | 2 Apple, Waveterm | 3 Macos, Wave Terminal, Waveterm | 2026-01-05 | 5.5 Medium |
| Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2. | ||||
| CVE-2024-46060 | 2 Anaconda, Apple | 2 Anaconda3, Macos | 2026-01-05 | 7.8 High |
| Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user. | ||||
| CVE-2024-46062 | 3 Anaconda, Apple, Conda | 3 Miniconda3, Macos, Miniconda3 | 2026-01-05 | 7.8 High |
| Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user. | ||||
| CVE-2025-15246 | 2 Aizuda, Apple | 2 Snail-job, Macos | 2026-01-05 | 6.3 Medium |
| A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||