VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,451 total · sorted by risk
  • CVE-2026-28889Mar 25, 2026
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.

  • CVE-2026-28893Mar 25, 2026
    risk 0.00cvss epss 0.00

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.4. A document may be written to a temporary file when using print preview.

  • CVE-2026-20631Mar 25, 2026
    risk 0.00cvss epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges.

  • CVE-2026-20670Mar 25, 2026
    risk 0.00cvss epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.

  • CVE-2026-20688Mar 25, 2026
    risk 0.00cvss epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox.

  • CVE-2026-28892Mar 25, 2026
    risk 0.00cvss epss 0.00

    A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.

  • CVE-2026-28867Mar 25, 2026
    risk 0.00cvss epss 0.00

    This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.

  • CVE-2026-28888Mar 25, 2026
    risk 0.00cvss epss 0.00

    A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain root privileges.

  • CVE-2026-20692Mar 25, 2026
    risk 0.00cvss epss 0.00

    A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. "Hide IP Address" and "Block All Remote Content" may not apply to all mail content.

  • CVE-2026-28871Mar 25, 2026
    risk 0.00cvss epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.

  • CVE-2026-20651Mar 25, 2026
    risk 0.00cvss epss 0.00

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.

  • CVE-2026-20643Mar 17, 2026
    risk 0.00cvss epss 0.00

    A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4.…

  • CVE-2023-43010Mar 12, 2026
    risk 0.00cvss epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

  • CVE-2026-20629Feb 11, 2026
    risk 0.00cvss epss 0.00

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.

  • CVE-2026-20648Feb 11, 2026
    risk 0.00cvss epss 0.00

    A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices.

  • CVE-2026-20669Feb 11, 2026
    risk 0.00cvss epss 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.

  • CVE-2026-20674Feb 11, 2026
    risk 0.00cvss epss 0.00

    A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.

  • CVE-2026-20623Feb 11, 2026
    risk 0.00cvss epss 0.00

    A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.

  • CVE-2026-20662Feb 11, 2026
    risk 0.00cvss epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.

  • CVE-2026-20619Feb 11, 2026
    risk 0.00cvss epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.

  • CVE-2026-20658Feb 11, 2026
    risk 0.00cvss epss 0.00

    A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.

  • CVE-2026-20681Feb 11, 2026
    risk 0.00cvss epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.

  • CVE-2026-20642Feb 11, 2026
    risk 0.00cvss epss 0.00

    An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.

  • CVE-2026-20603Feb 11, 2026
    risk 0.00cvss epss 0.00

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information.

  • CVE-2026-20638Feb 11, 2026
    risk 0.00cvss epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.

  • CVE-2026-20618Feb 11, 2026
    risk 0.00cvss epss 0.00

    An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.

  • CVE-2026-20601Feb 11, 2026
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission.

  • CVE-2026-20640Feb 11, 2026
    risk 0.00cvss epss 0.00

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with…

  • CVE-2026-20682Feb 11, 2026
    risk 0.00cvss epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes.

  • CVE-2026-20646Feb 11, 2026
    risk 0.00cvss epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information.

  • CVE-2026-20666Feb 11, 2026
    risk 0.00cvss epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.

  • CVE-2026-20630Feb 11, 2026
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.

  • CVE-2026-20610Feb 11, 2026
    risk 0.00cvss epss 0.00

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.

  • CVE-2026-20647Feb 11, 2026
    risk 0.00cvss epss 0.00

    This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.

  • CVE-2025-46306Jan 28, 2026
    risk 0.00cvss epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents.

  • CVE-2026-20613Jan 22, 2026
    risk 0.00cvss epss 0.00

    The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location…

  • CVE-2025-31186Jan 16, 2026
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.

  • CVE-2025-24090Jan 16, 2026
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.

  • CVE-2025-43508Jan 16, 2026
    risk 0.00cvss epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

  • CVE-2024-44210Jan 16, 2026
    risk 0.00cvss epss 0.00

    This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.

  • CVE-2025-24089Jan 16, 2026
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.

  • CVE-2024-54556Jan 16, 2026
    risk 0.00cvss epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.

  • CVE-2025-46297Jan 9, 2026
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container.

  • CVE-2025-46286Jan 9, 2026
    risk 0.00cvss epss 0.00

    A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.

  • CVE-2025-43514Dec 17, 2025
    risk 0.00cvss epss 0.00

    The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.

  • CVE-2025-46281Dec 17, 2025
    risk 0.00cvss epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox.

  • CVE-2025-46278Dec 17, 2025
    risk 0.00cvss epss 0.00

    The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.

  • CVE-2025-43535Dec 17, 2025
    risk 0.00cvss epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-46291Dec 17, 2025
    risk 0.00cvss epss 0.00

    A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.

  • CVE-2025-43475Dec 17, 2025
    risk 0.00cvss epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.

Page 113 of 170