Total
174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43217 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2026-04-02 | 4 Medium |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed. | ||||
| CVE-2024-40796 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | 5.3 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history. | ||||
| CVE-2024-27881 | 1 Apple | 1 Macos | 2026-04-02 | 5.3 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to access information about a user’s contacts. | ||||
| CVE-2024-27850 | 1 Apple | 6 Ipad Os, Ipados, Iphone Os and 3 more | 2026-04-02 | 6.5 Medium |
| This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2024-23211 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | 3.3 Low |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A user's private browsing activity may be visible in Settings. | ||||
| CVE-2025-31276 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2026-04-02 | 5.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off. | ||||
| CVE-2025-43399 | 1 Apple | 2 Macos, Macos Sequoia | 2026-04-02 | 7.5 High |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access protected user data. | ||||
| CVE-2025-43439 | 1 Apple | 5 Ios, Ipad Os, Ipados and 2 more | 2026-04-02 | 5.5 Medium |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user. | ||||
| CVE-2025-43259 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-02 | 4.6 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2025-43279 | 1 Apple | 1 Macos | 2026-04-02 | 6.2 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43452 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2026-04-02 | 4.6 Medium |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen. | ||||
| CVE-2025-43409 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2026-3911 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-04-02 | 2.7 Low |
| A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data. | ||||
| CVE-2026-34226 | 1 Capricorn86 | 2 Happy-dom, Happy Dom | 2026-04-02 | 7.5 High |
| Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { credentials: "include" })` is used. This can leak cookies from origin A to destination B. Version 20.8.9 fixes the issue. | ||||
| CVE-2026-20834 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-01 | 4.6 Medium |
| Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. | ||||
| CVE-2025-10450 | 1 Rti | 1 Connext Professional | 2026-04-01 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1. | ||||
| CVE-2026-4712 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-0102 | 1 Microsoft | 1 Edge Chromium | 2026-03-16 | 3.1 Low |
| Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. | ||||
| CVE-2025-66605 | 1 Yokogawa | 2 Fast/tools, Fast\/tools | 2026-03-05 | 5.3 Medium |
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | ||||
| CVE-2023-46446 | 2 Asyncssh Project, Redhat | 2 Asyncssh, Ceph Storage | 2026-02-25 | 6.8 Medium |
| An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." | ||||