Total
4574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43224 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-07-31 | N/A | 7.1 HIGH |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2025-43223 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-07-31 | N/A | 7.5 HIGH |
| A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.7, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. A non-privileged user may be able to modify restricted network settings. | |||||
| CVE-2025-43222 | 1 Apple | 2 Ipados, Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An attacker may be able to cause unexpected app termination. | |||||
| CVE-2024-2398 | 4 Apple, Fedoraproject, Haxx and 1 more | 22 Macos, Fedora, Curl and 19 more | 2025-07-30 | N/A | 8.6 HIGH |
| When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. | |||||
| CVE-2024-2466 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Bootstrap Os and 9 more | 2025-07-30 | N/A | 6.5 MEDIUM |
| libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). | |||||
| CVE-2024-2004 | 4 Apple, Fedoraproject, Haxx and 1 more | 15 Macos, Fedora, Curl and 12 more | 2025-07-30 | N/A | 3.5 LOW |
| When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug. | |||||
| CVE-2024-2379 | 3 Apple, Haxx, Netapp | 20 Macos, Curl, Active Iq Unified Manager and 17 more | 2025-07-30 | N/A | 6.3 MEDIUM |
| libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. | |||||
| CVE-2021-30663 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2025-8011 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-07-30 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-24196 | 1 Apple | 1 Macos | 2025-07-30 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory. | |||||
| CVE-2024-11681 | 2 Apple, Macports | 2 Macos, Macports | 2025-07-29 | N/A | 6.8 MEDIUM |
| A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror. | |||||
| CVE-2024-11395 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-07-29 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-8010 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-07-29 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-1079 | 3 Apple, Google, Linux | 3 Macos, Web Designer, Linux Kernel | 2025-07-29 | N/A | 7.8 HIGH |
| Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature | |||||
| CVE-2025-21162 | 2 Adobe, Apple | 2 Photoshop Elements, Macos | 2025-07-25 | N/A | 5.5 MEDIUM |
| Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-47111 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-07-25 | N/A | 5.5 MEDIUM |
| Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-47112 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-07-25 | N/A | 5.5 MEDIUM |
| Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-1257 | 5 Apple, Cisco, Linux and 2 more | 5 Macos, Catalyst Center, Linux Kernel and 2 more | 2025-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. | |||||
| CVE-2024-20337 | 4 Apple, Cisco, Linux and 1 more | 4 Macos, Secure Client, Linux Kernel and 1 more | 2025-07-22 | N/A | 8.2 HIGH |
| A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access. | |||||
| CVE-2025-20126 | 2 Apple, Cisco | 3 Macos, Roomos, Thousandeyes Endpoint Agent | 2025-07-22 | N/A | 4.8 MEDIUM |
| A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. | |||||