Export limit exceeded: 23276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25172 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25172 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34442 | 2 Freescout, Freescout Helpdesk | 2 Freescout, Freescout | 2026-04-02 | 5.4 Medium |
| FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External Resource Loading and Open Redirect behavior. When the application constructs links and assets using the unvalidated Host header, user requests can be redirected to attacker-controlled domains and external resources may be loaded from malicious servers. This issue has been patched in version 1.8.211. | ||||
| CVE-2025-71280 | 1 Xenforo | 1 Xenforo | 2026-04-02 | 6.2 Medium |
| XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users. | ||||
| CVE-2025-71282 | 1 Xenforo | 1 Xenforo | 2026-04-02 | 7.5 High |
| XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure. | ||||
| CVE-2025-46279 | 1 Apple | 11 Ios, Ipad Os, Ipados and 8 more | 2026-04-02 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to identify what other apps a user has installed. | ||||
| CVE-2025-43530 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-02 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43427 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2026-04-02 | 4.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43392 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-02 | 4.3 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin. | ||||
| CVE-2025-43356 | 1 Apple | 8 Ios, Ipados, Iphone Os and 5 more | 2026-04-02 | 6.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent. | ||||
| CVE-2025-43342 | 3 Apple, Webkitgtk, Wpewebkit | 10 Ios, Ipados, Iphone Os and 7 more | 2026-04-02 | 9.8 Critical |
| A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43299 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-02 | 5.5 Medium |
| A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service. | ||||
| CVE-2025-43223 | 1 Apple | 10 Ios, Ipados, Iphone Os and 7 more | 2026-04-02 | 7.5 High |
| A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to modify restricted network settings. | ||||
| CVE-2025-31215 | 2 Apple, Redhat | 12 Ipados, Iphone Os, Macos and 9 more | 2026-04-02 | 6.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-31205 | 2 Apple, Redhat | 13 Ipados, Iphone Os, Macos and 10 more | 2026-04-02 | 6.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2025-31191 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-02 | 5.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-30452 | 1 Apple | 1 Macos | 2026-04-02 | 9.8 Critical |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An input validation issue was addressed. | ||||
| CVE-2025-24283 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-02 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-24246 | 1 Apple | 1 Macos | 2026-04-02 | 9.8 Critical |
| An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data. | ||||
| CVE-2024-54550 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | 4 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs. | ||||
| CVE-2024-54547 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access protected user data. | ||||
| CVE-2024-54508 | 2 Apple, Redhat | 13 Ipados, Iphone Os, Macos and 10 more | 2026-04-02 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||