Export limit exceeded: 345237 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 13705 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13705 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54658 | 2 Apple, Fortinet | 3 Macos, Fortidlp, Fortidlp Agent | 2026-01-14 | 7.2 High |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to Root via sending a crafted request to a local listening port. | ||||
| CVE-2023-32409 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-01-13 | 8.6 High |
| The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2025-64738 | 2 Apple, Zoom | 6 Macos, Meeting Software Development Kit, Workplace and 3 more | 2026-01-13 | 5 Medium |
| External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access. | ||||
| CVE-2024-28867 | 1 Apple | 1 Swift Prometheus | 2026-01-13 | 5.9 Medium |
| Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters which can lead to the attacker taking over the exported format -- including creating unbounded numbers of stored metrics, inflating server memory usage, or causing "bogus" metrics. This vulnerability is fixed in2.0.0-alpha.2. | ||||
| CVE-2013-0648 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2026-01-12 | 8.8 High |
| Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. | ||||
| CVE-2022-32912 | 2 Apple, Redhat | 4 Ipados, Iphone Os, Safari and 1 more | 2026-01-07 | 8.8 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-32872 | 1 Apple | 2 Ipados, Iphone Os | 2026-01-07 | 2.4 Low |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen. | ||||
| CVE-2025-14023 | 2 Apple, Linecorp | 2 Ios, Line | 2026-01-07 | 3.1 Low |
| LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions. | ||||
| CVE-2025-14022 | 2 Apple, Linecorp | 2 Ios, Line | 2026-01-07 | 7.7 High |
| LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications. | ||||
| CVE-2025-55311 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-01-07 | 6.5 Medium |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification by hiding document modifications, allowing an attacker to mislead users about the document's integrity and compromise the trustworthiness of signed PDFs. | ||||
| CVE-2025-55309 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-01-06 | 6.7 Medium |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes. | ||||
| CVE-2025-66723 | 3 Apple, Inmusicbrands, Microsoft | 3 Macos, Engine Dj Desktop, Windows | 2026-01-05 | 7.5 High |
| inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths. | ||||
| CVE-2025-12843 | 2 Apple, Waveterm | 3 Macos, Wave Terminal, Waveterm | 2026-01-05 | 5.5 Medium |
| Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2. | ||||
| CVE-2024-46060 | 2 Anaconda, Apple | 2 Anaconda3, Macos | 2026-01-05 | 7.8 High |
| Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user. | ||||
| CVE-2024-46062 | 3 Anaconda, Apple, Conda | 3 Miniconda3, Macos, Miniconda3 | 2026-01-05 | 7.8 High |
| Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user. | ||||
| CVE-2025-65741 | 2 Apple, Sublimetext | 2 Macos, Sublime Text 3 | 2026-01-02 | 9.8 Critical |
| Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application. | ||||
| CVE-2025-67461 | 2 Apple, Zoom | 3 Macos, Rooms, Zoom | 2025-12-30 | 5 Medium |
| External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access. | ||||
| CVE-2025-56400 | 3 Apple, Google, Tuya | 6 Ios, Android, Smart and 3 more | 2025-12-30 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa account to a victim's Tuya account. The applications fail to validate the OAuth state parameter during the account linking flow, enabling a cross-site request forgery (CSRF)-like attack. By tricking the victim into clicking a crafted authorization link, an attacker can complete the OAuth flow on the victim's behalf, resulting in unauthorized Alexa access to the victim's Tuya-connected devices. This affects users regardless of prior Alexa linkage and does not require the Tuya application to be active at the time. Successful exploitation may allow remote control of devices such as cameras, doorbells, door locks, or alarms. | ||||
| CVE-2025-52842 | 3 Apple, Laundry Project, Linux | 3 Macos, Laundry, Linux Kernel | 2025-12-23 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Laundry on Linux, MacOS allows Account Takeover. This issue affects Laundry: 2.3.0. | ||||
| CVE-2025-52841 | 3 Apple, Laundry Project, Linux | 3 Macos, Laundry, Linux Kernel | 2025-12-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry: 2.3.0. | ||||