Filtered by vendor Apple
Subscriptions
Total
13189 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4657 | 1 Apple | 1 Iphone Os | 2025-10-22 | 8.8 High |
| WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | ||||
| CVE-2016-4656 | 1 Apple | 1 Iphone Os | 2025-10-22 | 7.8 High |
| The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
| CVE-2016-4655 | 1 Apple | 1 Iphone Os | 2025-10-22 | 5.5 Medium |
| The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. | ||||
| CVE-2016-1010 | 7 Adobe, Apple, Google and 4 more | 16 Air, Air Desktop Runtime, Air Sdk and 13 more | 2025-10-22 | 8.8 High |
| Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. | ||||
| CVE-2016-0984 | 6 Adobe, Apple, Google and 3 more | 14 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 11 more | 2025-10-22 | 8.8 High |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983. | ||||
| CVE-2015-8651 | 9 Adobe, Apple, Google and 6 more | 23 Air, Air Sdk, Air Sdk \& Compiler and 20 more | 2025-10-22 | 8.8 High |
| Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-7645 | 7 Adobe, Apple, Linux and 4 more | 14 Flash Player, Mac Os X, Linux Kernel and 11 more | 2025-10-22 | 7.8 High |
| Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015. | ||||
| CVE-2025-48500 | 2 Apple, F5 | 5 Macos, Big-ip, Big-ip Access Policy Manager and 2 more | 2025-10-21 | 7.3 High |
| A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-27906 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Content Navigator, Linux Kernel and 1 more | 2025-10-21 | 5.3 Medium |
| IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified. | ||||
| CVE-2025-61806 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-10-21 | 7.8 High |
| Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-61805 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-10-21 | 7.8 High |
| Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54271 | 2 Adobe, Apple | 3 Creative Cloud, Creative Cloud Desktop Application, Macos | 2025-10-21 | 5.6 Medium |
| Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker could exploit the timing between the check and use of a resource, potentially allowing unauthorized modifications to files. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-43282 | 1 Apple | 13 Ios, Ipad Os, Ipados and 10 more | 2025-10-21 | 5.5 Medium |
| A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-43281 | 1 Apple | 2 Macos, Macos Sequoia | 2025-10-21 | 8.4 High |
| The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges. | ||||
| CVE-2025-49552 | 3 Adobe, Apple, Microsoft | 3 Connect, Macos, Windows | 2025-10-21 | 7.3 High |
| Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed. | ||||
| CVE-2025-49553 | 3 Adobe, Apple, Microsoft | 3 Connect, Macos, Windows | 2025-10-21 | 9.3 Critical |
| Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed. | ||||
| CVE-2025-43296 | 1 Apple | 1 Macos | 2025-10-20 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. | ||||
| CVE-2025-31365 | 2 Apple, Fortinet | 3 Macos, Forticlient, Forticlientmac | 2025-10-20 | 5.5 Medium |
| An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website. | ||||
| CVE-2025-57741 | 2 Apple, Fortinet | 3 Macos, Forticlient, Forticlientmac | 2025-10-20 | 7 High |
| An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking. | ||||
| CVE-2025-61799 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-10-20 | 7.8 High |
| Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||