Total
4308 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-28871 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-03-30 | N/A | 4.3 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack. | |||||
| CVE-2026-28867 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-27 | N/A | 6.2 MEDIUM |
| This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state. | |||||
| CVE-2026-28870 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-27 | N/A | 5.5 MEDIUM |
| An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data. | |||||
| CVE-2026-20692 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-27 | N/A | 5.3 MEDIUM |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. "Hide IP Address" and "Block All Remote Content" may not apply to all mail content. | |||||
| CVE-2026-28877 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-03-26 | N/A | 5.5 MEDIUM |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data. | |||||
| CVE-2026-20698 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-26 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2026-20694 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-26 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data. | |||||
| CVE-2026-28855 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-26 | N/A | 7.5 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data. | |||||
| CVE-2026-28863 | 1 Apple | 5 Ipados, Iphone Os, Tvos and 2 more | 2026-03-26 | N/A | 6.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user. | |||||
| CVE-2026-28874 | 1 Apple | 2 Ipados, Iphone Os | 2026-03-26 | N/A | 7.5 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may cause an unexpected app termination. | |||||
| CVE-2026-28858 | 1 Apple | 2 Ipados, Iphone Os | 2026-03-26 | N/A | 9.8 CRITICAL |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2026-28882 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-26 | N/A | 4.0 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps. | |||||
| CVE-2026-28895 | 1 Apple | 2 Ipados, Iphone Os | 2026-03-26 | N/A | 4.6 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode. | |||||
| CVE-2026-28856 | 1 Apple | 4 Ipados, Iphone Os, Visionos and 1 more | 2026-03-26 | N/A | 4.6 MEDIUM |
| The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information. | |||||
| CVE-2026-28857 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-03-26 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-20657 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-26 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination. | |||||
| CVE-2026-20688 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-03-26 | N/A | 9.3 CRITICAL |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox. | |||||
| CVE-2026-28861 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-03-26 | N/A | 4.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins. | |||||
| CVE-2026-32318 | 2 Apple, Cryptomator | 2 Iphone Os, Cryptomator | 2026-03-26 | N/A | 7.6 HIGH |
| Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 2.8.3. | |||||
| CVE-2026-28859 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2026-03-25 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox. | |||||