Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-28903

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-11 May, 2026 | 20:07
Updated At-13 May, 2026 | 19:58
Rejected At-
Credits

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:11 May, 2026 | 20:07
Updated At:13 May, 2026 | 19:58
Rejected At:
â–¼CVE Numbering Authority (CNA)

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Affected Products
Vendor
Apple Inc.Apple
Product
Safari
Versions
Affected
  • From 0 before 26.5 (custom)
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From 0 before 18.7.9 (custom)
  • From 0 before 26.5 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From 0 before 26.5 (custom)
Vendor
Apple Inc.Apple
Product
tvOS
Versions
Affected
  • From 0 before 26.5 (custom)
Vendor
Apple Inc.Apple
Product
visionOS
Versions
Affected
  • From 0 before 26.5 (custom)
Vendor
Apple Inc.Apple
Product
watchOS
Versions
Affected
  • From 0 before 26.5 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AProcessing maliciously crafted web content may lead to an unexpected process crash
Type: N/A
CWE ID: N/A
Description: Processing maliciously crafted web content may lead to an unexpected process crash
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/127110
N/A
https://support.apple.com/en-us/127111
N/A
https://support.apple.com/en-us/127115
N/A
https://support.apple.com/en-us/127118
N/A
https://support.apple.com/en-us/127119
N/A
https://support.apple.com/en-us/127120
N/A
https://support.apple.com/en-us/127121
N/A
Hyperlink: https://support.apple.com/en-us/127110
Resource: N/A
Hyperlink: https://support.apple.com/en-us/127111
Resource: N/A
Hyperlink: https://support.apple.com/en-us/127115
Resource: N/A
Hyperlink: https://support.apple.com/en-us/127118
Resource: N/A
Hyperlink: https://support.apple.com/en-us/127119
Resource: N/A
Hyperlink: https://support.apple.com/en-us/127120
Resource: N/A
Hyperlink: https://support.apple.com/en-us/127121
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-119
Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:11 May, 2026 | 21:18
Updated At:14 May, 2026 | 14:32

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CPE Matches
Apple Inc.
apple
>>ipados>>Versions before 18.7.9(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>ipados>>Versions from 26.0(inclusive) to 26.5(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 18.7.9(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions from 26.0(inclusive) to 26.5(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 26.0(inclusive) to 26.5(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>Versions before 26.5(exclusive)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>visionos>>Versions before 26.5(exclusive)
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>watchos>>Versions before 26.5(exclusive)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-119
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.apple.com/en-us/127110product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/127111product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/127115product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/127118product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/127119product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/127120product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/127121product-security@apple.com
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127110
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127111
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127115
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127118
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127119
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127120
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127121
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2476Records found
CVE-2026-28902
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-14 May, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28847
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.67%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-22 May, 2026 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchosvisionOSwatchOSmacOStvOSiOS and iPadOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-20644
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.30%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:59
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-visionossafarimacosiphone_osipadosSafariiOS and iPadOSmacOSvisionOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20657
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.61%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:31
Updated-11 May, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. Parsing a maliciously crafted file may lead to an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSvisionOSiOS and iPadOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20636
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.55%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-visionossafarimacosiphone_osipadosSafariiOS and iPadOSmacOSvisionOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-24222
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 57.43%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-02 Apr, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-41983
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.33% / 80.16%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 18:32
Updated-13 Feb, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectApple Inc.
Product-iphone_osdebian_linuxipadossafarifedoramacosiOS and iPadOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-46298
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2026 | 21:16
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43214
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 80.49%
||
7 Day CHG+0.99%
Published-29 Jul, 2025 | 23:35
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43212
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 68.38%
||
7 Day CHG+0.40%
Published-29 Jul, 2025 | 23:35
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43213
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 72.68%
||
7 Day CHG+0.52%
Published-29 Jul, 2025 | 23:29
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43272
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.60%
||
7 Day CHG+0.01%
Published-15 Sep, 2025 | 22:34
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-visionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOSiOS and iPadOSwatchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-35260
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.43%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 00:00
Updated-19 Nov, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.

Action-Not Available
Vendor-n/aNetApp, Inc.Splunk LLC (Cisco Systems, Inc.)Apple Inc.CURL
Product-clustered_data_ontapuniversal_forwarderh500sh410s_firmwareh700s_firmwareh300s_firmwareh500s_firmwareh410smacoscurlh700sh300shttps://github.com/curl/curl
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28875
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.37%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 15:09
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationMicrosoft Corporation
Product-linux_securitycloud_protection_for_salesforceelements_endpoint_protectionatlantelements_collaboration_protectionelements_endpoint_detection_and_responsewindowsmacosinternet_gatekeeperAll F-Secure & WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce & WithSecure Collaboration Protection
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-35559
Matching Score-8
Assigner-Amazon
ShareView Details
Matching Score-8
Assigner-Amazon
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.42%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 20:13
Updated-14 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds write in query processing components in Amazon Athena ODBC driver

Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0.

Action-Not Available
Vendor-amazonAmazonApple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelathena_odbcwindowsmacosAmazon Athena ODBC driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24158
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 75.27%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-21 May, 2026 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosvisionOSwatchOSmacOStvOSiOS and iPadOSSafari
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-3862
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 43.97%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 20:45
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.

Action-Not Available
Vendor-openSUSEApple Inc.
Product-itunesiphone_osipadostvossafariicloudleapiTunes for WindowsiCloud for WindowsSafariiOSiCloud for Windows (Legacy)tvOS
CVE-2026-28946
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.78%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSSafari
CWE ID-CWE-416
Use After Free
CVE-2026-28942
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 2.73%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-14 May, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-416
Use After Free
CVE-2026-28918
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.46%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28956
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.67%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28857
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.68%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:31
Updated-02 Apr, 2026 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-visionossafarimacosiphone_osipadosSafariiOS and iPadOSmacOSvisionOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28879
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.45%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-02 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-416
Use After Free
CVE-2026-28835
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.23%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-02 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Mounting a maliciously crafted SMB network share may lead to system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-416
Use After Free
CVE-2024-54478
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 55.31%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-54505
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 72.31%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-54658
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 18:09
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-54497
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.84%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-20690
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.41%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-02 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing an audio stream in a maliciously crafted media file may terminate the process.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2010-2249
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.57% / 81.75%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Action-Not Available
Vendor-libpngn/aCanonical Ltd.Apple Inc.openSUSESUSEDebian GNU/LinuxVMware (Broadcom Inc.)Fedora Project
Product-itunesdebian_linuxubuntu_linuxplayerlinux_enterprise_serverlibpngiphone_ossafariworkstationfedoratvosopensusen/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2010-1282
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-1.40% / 80.64%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosshockwave_playern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-40832
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 38.64%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 09:45
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationMicrosoft Corporation
Product-linux_securitycloud_protection_for_salesforceelements_endpoint_protectionatlantelements_for_microsoft_365elements_endpoint_detection_and_responsewindowsmacosinternet_gatekeeperF-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce and Cloud Protection for Microsoft Office 365
CVE-2021-36976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.78%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:49
Updated-03 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

Action-Not Available
Vendor-n/aFedora ProjectApple Inc.libarchiveSplunk LLC (Cisco Systems, Inc.)
Product-watchosipadosfedoralibarchivemacosuniversal_forwarderiphone_osn/a
CWE ID-CWE-416
Use After Free
CVE-2021-33603
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.54%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 09:45
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationMicrosoft Corporation
Product-linux_securitycloud_protection_for_salesforceelements_endpoint_protectionatlantelements_for_microsoft_365elements_endpoint_detection_and_responsewindowsmacosinternet_gatekeeperF-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce and Cloud Protection for Microsoft Office 365
CVE-2021-30965
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 57.58%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:51
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to cause a denial of service to Endpoint Security clients.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CVE-2024-44234
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.42%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 20:41
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-44297
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 65.35%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted message may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosipad_osmacosiphone_osvisionOSmacOStvOSiOS and iPadOSwatchOS
CVE-2024-44192
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.41%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 19:11
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-44236
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.90% / 75.91%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Processing a maliciously crafted file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44233
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.22%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 20:41
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-44283
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.04%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Parsing a maliciously crafted file may lead to an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-44237
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.38%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Processing a maliciously crafted file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmac_os
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44220
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.41%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-02 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-44284
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.29%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Parsing a maliciously crafted file may lead to an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24188
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 70.75%
||
7 Day CHG+0.46%
Published-29 Jul, 2025 | 23:36
Updated-02 Apr, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-macossafariSafarimacOS
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2025-24123
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.03%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CVE-2025-24106
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.47%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2025-24162
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.18% / 78.99%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2008-3281
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 74.30%
||
7 Day CHG~0.00%
Published-27 Aug, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.libxml2 (XMLSoft)Red Hat, Inc.Debian GNU/LinuxVMware (Broadcom Inc.)Fedora Project
Product-enterprise_linux_eusdebian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationesxenterprise_linux_desktopiphone_ossafarifedoralibxml2n/a
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2023-40441
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.83%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 20:14
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacosiOS and iPadOSmacOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 49
  • 50
  • Next
Details not found