ByteOS Network

Keynote

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-46306

Assigner-Apple Inc.

View Details

Assigner-Apple Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.01% / 2.66%

7 Day CHG~0.00%

Published-28 Jan, 2026 | 17:26

Updated-02 Apr, 2026 | 18:24

The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents.

Vendor-Apple Inc.

Product-iphone_os keynote ipados macos Keynote iOS and iPadOS macOS

CWE ID-CWE-125

Out-of-bounds Read

CVE-2017-20159

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-3.5||LOW

EPSS-0.43% / 62.91%

7 Day CHG~0.00%

Published-31 Dec, 2022 | 10:04

Updated-15 Oct, 2024 | 17:12

rf Keynote rumble.rb cross site scripting

A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability.

Vendor-keynote_project rf

Product-keynote Keynote

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')