Search Results (363508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-71280 1 Xenforo 1 Xenforo 2026-04-02 6.2 Medium
XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users.
CVE-2025-71282 1 Xenforo 1 Xenforo 2026-04-02 7.5 High
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure.
CVE-2026-35054 1 Xenforo 1 Xenforo 2026-04-02 6.4 Medium
XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content.
CVE-2026-4008 1 Tenda 2 W3, W3 Firmware 2026-04-02 8.8 High
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2025-43530 1 Apple 3 Macos, Macos Sequoia, Macos Sonoma 2026-04-02 5.5 Medium
This issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data.
CVE-2025-43503 1 Apple 6 Ios, Ipados, Iphone Os and 3 more 2026-04-02 4.3 Medium
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Visiting a malicious website may lead to user interface spoofing.
CVE-2025-43427 1 Apple 6 Ios, Ipados, Iphone Os and 3 more 2026-04-02 4.3 Medium
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43426 1 Apple 4 Ios, Ipad Os, Ipados and 1 more 2026-04-02 5.5 Medium
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. An app may be able to access sensitive user data.
CVE-2025-43425 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-04-02 4.3 Medium
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43421 1 Apple 5 Ios, Ipados, Iphone Os and 2 more 2026-04-02 4.3 Medium
Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43419 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-04-02 8.8 High
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43392 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-04-02 4.3 Medium
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.
CVE-2025-43361 1 Apple 9 Ios, Ipados, Iphone Os and 6 more 2026-04-02 7.8 High
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A malicious app may be able to read kernel memory.
CVE-2025-43356 1 Apple 8 Ios, Ipados, Iphone Os and 5 more 2026-04-02 6.5 Medium
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent.
CVE-2025-43343 3 Apple, Webkitgtk, Wpewebkit 10 Ios, Ipados, Iphone Os and 7 more 2026-04-02 9.8 Critical
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43342 3 Apple, Webkitgtk, Wpewebkit 10 Ios, Ipados, Iphone Os and 7 more 2026-04-02 9.8 Critical
A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43330 1 Apple 3 Macos, Macos Sequoia, Macos Tahoe 2026-04-02 8.2 High
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to break out of its sandbox.
CVE-2025-43327 1 Apple 2 Macos, Safari 2026-04-02 6.5 Medium
The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing.
CVE-2025-43299 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-04-02 5.5 Medium
A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.
CVE-2025-43292 1 Apple 3 Macos, Macos Sequoia, Macos Tahoe 2026-04-02 5.5 Medium
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sequoia 15.7.2, macOS Tahoe 26. An app may be able to access sensitive user data.