Filtered by vendor Apple
Subscriptions
Filtered by product Macos
Subscriptions
Total
4699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23258 | 1 Apple | 2 Macos, Visionos | 2025-09-19 | 7.8 High |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution. | ||||
| CVE-2025-43353 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-09-18 | 5.5 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption. | ||||
| CVE-2024-23755 | 3 Apple, Clickup, Microsoft | 3 Macos, Clickup, Windows | 2025-09-18 | 8.8 High |
| ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode. | ||||
| CVE-2025-23315 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-18 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-54237 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-09-18 | 5.5 Medium |
| Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54262 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-09-18 | 7.8 High |
| Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43332 | 1 Apple | 1 Macos | 2025-09-17 | 5.2 Medium |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43328 | 1 Apple | 1 Macos | 2025-09-17 | 3.3 Low |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43308 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-09-17 | 3.3 Low |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43294 | 1 Apple | 1 Macos | 2025-09-17 | 3.3 Low |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43372 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-09-17 | 6.5 Medium |
| The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2025-43357 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2025-09-17 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to fingerprint the user. | ||||
| CVE-2025-43327 | 1 Apple | 2 Macos, Safari | 2025-09-17 | 6.5 Medium |
| The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2025-43329 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2025-09-17 | 8.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26, tvOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43331 | 1 Apple | 1 Macos | 2025-09-17 | 4 Medium |
| A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. | ||||
| CVE-2025-43333 | 1 Apple | 1 Macos | 2025-09-17 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges. | ||||
| CVE-2025-43337 | 1 Apple | 1 Macos | 2025-09-17 | 5.5 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43340 | 1 Apple | 1 Macos | 2025-09-17 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43342 | 1 Apple | 8 Ios, Ipados, Iphone Os and 5 more | 2025-09-17 | 9.8 Critical |
| A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43343 | 1 Apple | 8 Ios, Ipados, Iphone Os and 5 more | 2025-09-17 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26, Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||