Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

tvOS

Source -

CNA

CNA CVEs -

1107

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1107Vulnerabilities found

CVE-2026-43653
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.28%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macOSiOS and iPadOStvOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-28995
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.12% / 2.48%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A malicious app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-28983
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.63% / 46.16%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-28940
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.63%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-22 May, 2026 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing a maliciously crafted image may corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosipadosiphone_osvisionosmacosmacOSvisionOSiOS and iPadOStvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28917
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 21.52%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-20
Improper Input Validation
CVE-2026-39869
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 19.96%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28901
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 31.22%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28956
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 36.60%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28994
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 15.30%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets.

Action-Not Available
Vendor-Apple Inc.
Product-macOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-416
Use After Free
CVE-2026-43668
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 62.39%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-416
Use After Free
CVE-2026-28977
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.16% / 5.31%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28920
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.46%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-28985
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.16% / 5.48%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macOSiOS and iPadOStvOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-28897
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.17% / 6.13%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A local user may be able to cause unexpected system termination or read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-28907
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.1||HIGH
EPSS-0.30% / 22.38%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-20
Improper Input Validation
CVE-2026-43655
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.3||HIGH
EPSS-0.27% / 19.37%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-macOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-43654
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.09%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2026-28947
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.38% / 30.08%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-416
Use After Free
CVE-2026-43658
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 23.86%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28992
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.14% / 3.96%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-28905
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.26%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadosvisionosmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-43661
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.42% / 33.85%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-28913
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.33% / 24.73%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchoswatchOSiOS and iPadOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28987
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.62%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-28991
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.05%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-28883
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.21%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-416
Use After Free
CVE-2026-28972
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.39% / 69.15%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or write kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28860
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.29%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A local attacker may be able to modify the state of the Keychain.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2026-28990
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.26%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28986
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.52%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-28969
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.36%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-416
Use After Free
CVE-2026-43660
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.83%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-28904
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.26%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28953
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.26%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28974
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.99%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2026-28903
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 31.22%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28846
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.73% / 50.09%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-28942
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 37.17%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-416
Use After Free
CVE-2026-28996
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 1.41%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-14 May, 2026 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-28943
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.62%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-14 May, 2026 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to determine kernel memory layout.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-43666
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.34%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local network may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28902
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 31.22%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28847
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.87%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28955
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.69% / 48.78%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosmacosiphone_osipadoswatchosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28918
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 38.73%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28959
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.98%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-43210
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.37% / 29.32%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 18:21
Updated-03 Apr, 2026 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20687
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.34% / 25.66%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:35
Updated-02 Apr, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvoswatchosmacosiphone_osipadosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-416
Use After Free
CVE-2026-28852
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.69%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-02 Apr, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2026-20665
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 45.23%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-02 Apr, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-693
Protection Mechanism Failure
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next