Export limit exceeded: 342082 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4308 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28871 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-04-02 | 4.3 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack. | ||||
| CVE-2024-40826 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | 6.1 Medium |
| A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview. | ||||
| CVE-2024-44131 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data. | ||||
| CVE-2024-44127 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | 5.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication. | ||||
| CVE-2024-40867 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2026-04-02 | 8.8 High |
| A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | ||||
| CVE-2024-40830 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | 3.3 Low |
| This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2026-32318 | 2 Apple, Cryptomator | 3 Iphone Os, Cryptomator, Ios | 2026-03-27 | 7.6 High |
| Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 2.8.3. | ||||
| CVE-2023-43010 | 2 Apple, Redhat | 11 Ios And Ipados, Ipados, Iphone Os and 8 more | 2026-03-25 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2026-30783 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-03-25 | 9.8 Critical |
| A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling. This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30797 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-03-25 | 8.1 High |
| Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler. This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30789 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-03-25 | 9.8 Critical |
| Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction. This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30792 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-03-25 | 8.1 High |
| A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30793 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-03-25 | 9.8 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword(). This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30794 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-03-25 | 8.1 High |
| Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid_certs(true). This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30795 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-03-25 | 7.5 High |
| Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password). This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30791 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-03-18 | 7.5 High |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig(). This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30798 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-03-17 | 7.5 High |
| Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop. This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2023-41974 | 1 Apple | 2 Ipados, Iphone Os | 2026-03-12 | 7.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-43000 | 1 Apple | 7 Ios, Ipad Os, Ipados and 4 more | 2026-03-12 | 8.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2021-30952 | 6 Apple, Debian, Fedoraproject and 3 more | 12 Ipados, Iphone Os, Macos and 9 more | 2026-03-06 | 8.8 High |
| An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||