Export limit exceeded: 13133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13133 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14812 | 2 Apple, The Browser Company | 2 Ios, Arc | 2025-12-21 | 7.5 High |
| ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk. | ||||
| CVE-2025-14372 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-19 | 6.1 Medium |
| Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-14373 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-12-19 | 4.3 Medium |
| Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-59802 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-12-18 | 7.5 High |
| Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1. | ||||
| CVE-2025-43428 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2025-12-18 | 9.8 Critical |
| A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication. | ||||
| CVE-2025-43475 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-12-18 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43514 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data. | ||||
| CVE-2025-43526 | 1 Apple | 3 Macos, Macos Tahoe, Safari | 2025-12-18 | 9.8 Critical |
| This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted. | ||||
| CVE-2025-46292 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-12-18 | 5.5 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access user-sensitive data. | ||||
| CVE-2025-46288 | 1 Apple | 9 Ios, Ipad Os, Ipados and 6 more | 2025-12-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens. | ||||
| CVE-2025-46283 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-46282 | 1 Apple | 3 Macos, Macos Tahoe, Safari | 2025-12-18 | 5.5 Medium |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-46281 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 8.4 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox. | ||||
| CVE-2025-46279 | 1 Apple | 11 Ios, Ipad Os, Ipados and 8 more | 2025-12-18 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed. | ||||
| CVE-2025-46278 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data. | ||||
| CVE-2025-46277 | 1 Apple | 6 Ios, Ipad Os, Ipados and 3 more | 2025-12-18 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to access a user’s Safari history. | ||||
| CVE-2025-43536 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2025-12-18 | 4.3 Medium |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43535 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-12-18 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43533 | 1 Apple | 8 Ios, Ipados, Iphone Os and 5 more | 2025-12-18 | 3.5 Low |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-43523 | 1 Apple | 1 Macos | 2025-12-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access sensitive user data. | ||||