Total
360 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44257 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to access sensitive user data. | |||||
| CVE-2024-44222 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 3.3 LOW |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to read sensitive location information. | |||||
| CVE-2024-44216 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to access user-sensitive data. | |||||
| CVE-2024-44213 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.9 MEDIUM |
| An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
| CVE-2024-44200 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | N/A | 3.3 LOW |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information. | |||||
| CVE-2024-40832 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 3.3 LOW |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs. | |||||
| CVE-2024-40813 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2026-04-02 | N/A | 4.6 MEDIUM |
| A lock screen issue was addressed with improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data. | |||||
| CVE-2024-27789 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.4, macOS Ventura 13.6.7. An app may be able to access user-sensitive data. | |||||
| CVE-2024-23290 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data. | |||||
| CVE-2024-23241 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4. An app may be able to leak sensitive user information. | |||||
| CVE-2024-23232 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen. | |||||
| CVE-2024-23229 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.4, macOS Ventura 13.6.5. A malicious application may be able to access Find My data. | |||||
| CVE-2024-23217 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-02 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2024-23205 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access sensitive user data. | |||||
| CVE-2026-33407 | 1 Wallosapp | 1 Wallos | 2026-03-26 | N/A | 9.1 CRITICAL |
| Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search terms, which can be controlled by attackers to trigger outbound requests to arbitrary domains. This issue has been patched in version 4.7.0. | |||||
| CVE-2020-1493 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2026-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links. | |||||
| CVE-2026-20629 | 1 Apple | 1 Macos | 2026-02-17 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. | |||||
| CVE-2025-70963 | 1 Getgophish | 1 Gophish | 2026-02-10 | N/A | 7.6 HIGH |
| Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context. | |||||
| CVE-2025-20912 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | N/A | 6.2 MEDIUM |
| Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch. | |||||
| CVE-2024-55931 | 1 Xerox | 1 Workplace Suite | 2026-01-30 | N/A | 6.5 MEDIUM |
| Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin. | |||||