Export limit exceeded: 22209 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22209 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33317 | 2 Linaro, Op-tee | 2 Op-tee, Op-tee Os | 2026-04-28 | 8.7 High |
| OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds read from the PKCS#11 TA heap or a crash. When chained with the OOB read, the PKCS#11 TA function `PKCS11_CMD_GET_ATTRIBUTE_VALUE` or `entry_get_attribute_value()` can, with a bad template parameter, be tricked into reading at most 7 bytes beyond the end of the template buffer and writing beyond the end of the template buffer with the content of an attribute value of a PKCS#11 object. Commits e031c4e562023fd9f199e39fd2e85797e4cbdca9, 16926d5a46934c46e6656246b4fc18385a246900, and 149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca contain patches and are anticipated to be part of version 4.11.0. | ||||
| CVE-2026-6920 | 3 Google, Linux, Microsoft | 4 Android, Chrome, Linux Kernel and 1 more | 2026-04-28 | 9.6 Critical |
| Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-42038 | 1 Axios | 1 Axios | 2026-04-28 | 6.8 Medium |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for no_proxy hostname normalization bypass is incomplete. When no_proxy=localhost is set, requests to 127.0.0.1 and [::1] still route through the proxy instead of bypassing it. The shouldBypassProxy() function does pure string matching — it does not resolve IP aliases or loopback equivalents. This vulnerability is fixed in 1.15.1 and 0.31.1. | ||||
| CVE-2025-24092 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read sensitive location information. | ||||
| CVE-2025-24100 | 1 Apple | 1 Macos | 2026-04-28 | 3.3 Low |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access information about a user's contacts. | ||||
| CVE-2025-24230 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 9.8 Critical |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination. | ||||
| CVE-2025-30458 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files outside of its sandbox. | ||||
| CVE-2025-24265 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-24182 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-28 | 5.5 Medium |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory. | ||||
| CVE-2025-24097 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-28 | 5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata. | ||||
| CVE-2026-21340 | 1 Adobe | 1 Substance 3d Designer | 2026-04-28 | 5.5 Medium |
| Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30422 | 1 Apple | 3 Airplay Audio Software Development Kit, Airplay Video Software Development Kit, Carplay Communication Plug-in | 2026-04-28 | 6.5 Medium |
| A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination. | ||||
| CVE-2025-31209 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-28 | 6.3 Medium |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to disclosure of user information. | ||||
| CVE-2025-43254 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 7.1 High |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination. | ||||
| CVE-2025-43239 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 7.1 High |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination. | ||||
| CVE-2025-43221 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-28 | 7.1 High |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2025-43284 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 5.5 Medium |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-43346 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-28 | 5.5 Medium |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2025-43344 | 1 Apple | 8 Ios, Ipados, Iphone Os and 5 more | 2026-04-28 | 3.3 Low |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-43312 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 5.5 Medium |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause unexpected system termination. | ||||