Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-46277

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-17 Dec, 2025 | 20:46
Updated At-02 Apr, 2026 | 18:07
Rejected At-
Credits

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:17 Dec, 2025 | 20:46
Updated At:02 Apr, 2026 | 18:07
Rejected At:
▼CVE Numbering Authority (CNA)

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history.

Affected Products
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From 0 before 26.2 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From 0 before 26.2 (custom)
Vendor
Apple Inc.Apple
Product
watchOS
Versions
Affected
  • From 0 before 26.2 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AAn app may be able to access a user’s Safari history
Type: N/A
CWE ID: N/A
Description: An app may be able to access a user’s Safari history
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/125884
N/A
https://support.apple.com/en-us/125886
N/A
https://support.apple.com/en-us/125890
N/A
Hyperlink: https://support.apple.com/en-us/125884
Resource: N/A
Hyperlink: https://support.apple.com/en-us/125886
Resource: N/A
Hyperlink: https://support.apple.com/en-us/125890
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-532CWE-532 Insertion of Sensitive Information into Log File
Type: CWE
CWE ID: CWE-532
Description: CWE-532 Insertion of Sensitive Information into Log File
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:17 Dec, 2025 | 21:16
Updated At:02 Apr, 2026 | 19:21

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Apple Inc.
apple
>>ipados>>Versions before 26.2(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 26.2(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions before 26.2(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>watchos>>Versions before 26.2(exclusive)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-532Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-532
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.apple.com/en-us/125884product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/125886product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/125890product-security@apple.com
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/125884
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/125886
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/125890
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

585Records found
CVE-2026-20663
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.12% / 1.94%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-20646
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.12% / 2.27%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-44205
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.35%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 16:40
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A sandboxed app may be able to access sensitive user data in system logs.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-44239
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 18.77%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to leak sensitive kernel state.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-44166
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.75%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-40791
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.25% / 15.58%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-43508
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.27%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 17:06
Updated-02 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-43475
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 3.00%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 20:46
Updated-02 Apr, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-43517
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.17% / 6.62%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-43426
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 14.91%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 01:17
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacOSiOS and iPadOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-27849
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.17% / 6.92%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-02 Apr, 2026 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-23242
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.21% / 11.76%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:36
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to view Mail data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosmacOSiOS and iPadOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-24145
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.22% / 12.83%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-4688
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-4.4||MEDIUM
EPSS-0.24% / 14.54%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 20:26
Updated-26 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-45241
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-4.4||MEDIUM
EPSS-0.17% / 6.63%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:57
Updated-20 Sep, 2024 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Cyber Protect Cloud AgentAcronis Cyber Protect 16
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-46647
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-2.5||LOW
EPSS-0.18% / 7.99%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-54484
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 12.31%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:59
Updated-02 Apr, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-4448
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 20.58%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:21
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvosmacOSiOS
CVE-2026-28831
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 6.91%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:31
Updated-02 Apr, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2026-28881
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 7.33%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-02 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-285
Improper Authorization
CVE-2026-28877
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 6.16%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-11 May, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacoswatchosmacOSvisionOSwatchOSiOS and iPadOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-28993
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 2.18%
||
7 Day CHG-0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macOSvisionOSiOS and iPadOS
CWE ID-CWE-284
Improper Access Control
CVE-2026-28910
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.12% / 2.04%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files.

Action-Not Available
Vendor-Apple Inc.
Product-macOS
CWE ID-CWE-284
Improper Access Control
CVE-2026-28988
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 2.85%
||
7 Day CHG-0.01%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-macOSvisionOSwatchOSiOS and iPadOS
CWE ID-CWE-284
Improper Access Control
CVE-2026-30785
Matching Score-8
Assigner-VULSec Labs
ShareView Details
Matching Score-8
Assigner-VULSec Labs
CVSS Score-8.2||HIGH
EPSS-0.08% / 0.35%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 16:04
Updated-25 Mar, 2026 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id(). This issue affects RustDesk Client: through 1.4.5.

Action-Not Available
Vendor-rustdeskrustdesk-clientApple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelrustdeskwindowsmacosRustDesk Client
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-323
Reusing a Nonce, Key Pair in Encryption
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2021-27204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 20.82%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 07:48
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.

Action-Not Available
Vendor-telegramn/aApple Inc.
Product-macostelegramn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-30756
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 20.39%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 13:45
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOSiOS and iPadOS
CVE-2021-31013
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.80% / 51.79%
||
7 Day CHG+0.03%
Published-24 Aug, 2021 | 18:51
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in the disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30967
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 17.48%
||
7 Day CHG+0.01%
Published-24 Aug, 2021 | 18:51
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A local attacker may be able to read sensitive information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CVE-2022-43666
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.22% / 11.81%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2022-43540
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.18%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 20:08
Updated-10 Apr, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba NetworksApple Inc.
Product-clearpass_policy_managermacosAruba ClearPass Policy Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-42790
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 20.70%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOS
CVE-2021-27205
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 20.82%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 07:48
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.

Action-Not Available
Vendor-telegramn/aApple Inc.
Product-macostelegramn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2026-20696
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 1.64%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-862
Missing Authorization
CVE-2026-20629
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 1.81%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:59
Updated-02 Apr, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2026-20681
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.11% / 1.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-20630
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 2.00%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-277
Insecure Inherited Permissions
CVE-2026-20694
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 9.50%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-02 Apr, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-20656
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.11% / 1.83%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved validation. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3. An app may be able to access a user's Safari history.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ossafariipadosmacosSafariiOS and iPadOSmacOS
CWE ID-CWE-285
Improper Authorization
CVE-2026-20601
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.14% / 3.77%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2026-20670
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 2.16%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:31
Updated-02 Apr, 2026 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2026-20678
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 2.44%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-23827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 21.04%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 23:07
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.

Action-Not Available
Vendor-keybasen/aRed Hat, Inc.Microsoft CorporationApple Inc.
Product-windowsmacoslinuxkeybasen/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2026-20669
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 2.80%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-43351
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.25%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-32883
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 37.02%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 00:00
Updated-29 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadoswatchosmacOSiOS
CWE ID-CWE-284
Improper Access Control
CVE-2024-44293
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 2.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 04:06
Updated-02 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-44134
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 10.83%
||
7 Day CHG-0.00%
Published-16 Sep, 2024 | 23:23
Updated-02 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-44147
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.7||HIGH
EPSS-0.18% / 7.83%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-02 Apr, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOSios_and_ipados
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-32855
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found