Total
14031 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23214 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2026-28825 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2026-20664 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-04-02 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43237 | 1 Apple | 2 Macos, Macos Sequoia | 2026-04-02 | 9.8 Critical |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination. | ||||
| CVE-2026-28859 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2026-04-02 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox. | ||||
| CVE-2025-30441 | 1 Apple | 1 Xcode | 2026-04-02 | 5.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files. | ||||
| CVE-2025-43505 | 1 Apple | 1 Xcode | 2026-04-02 | 8.8 High |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption. | ||||
| CVE-2024-44157 | 1 Apple | 2 Apple Tv, Itunes | 2026-04-02 | 5.5 Medium |
| A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination. | ||||
| CVE-2025-24118 | 1 Apple | 2 Ipados, Macos | 2026-04-02 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2026-20657 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-02 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination. | ||||
| CVE-2026-20698 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-04-02 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2026-28857 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-04-02 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2024-40810 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash. | ||||
| CVE-2025-43501 | 2 Apple, Webkitgtk | 8 Ios, Ipados, Iphone Os and 5 more | 2026-04-02 | 4.3 Medium |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-33721 | 2 Mapserver, Osgeo | 2 Mapserver, Mapserver | 2026-04-02 | 5.3 Medium |
| MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue. | ||||
| CVE-2026-27853 | 1 Powerdns | 1 Dnsdist | 2026-04-01 | 5.9 Medium |
| An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service. | ||||
| CVE-2026-5190 | 1 Aws | 1 Aws-c-event-stream | 2026-04-01 | 7.5 High |
| Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, users should upgrade to version 0.6.0 or later. | ||||
| CVE-2016-20046 | 1 Zftp | 1 Zftp Client | 2026-04-01 | 8.4 High |
| zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges. | ||||
| CVE-2026-4960 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2026-03-31 | 8.8 High |
| A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-4906 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-03-31 | 8.8 High |
| A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||