CVE-2025-24250

This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app acting as a HTTPS proxy could get access to sensitive user data...

CVE-2025-24240

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data...

CVE-2025-30450

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access sensitive user data...

CVE-2025-24278

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data...

CVE-2025-24278

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data...

CVE-2025-24281

This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

CVE-2025-24281

This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

CVE-2025-24281

CVE-2025-24281 affects macOS Sequoia 15.4. The issue enabled an app to access sensitive user data and was addressed by improved data protection/redaction. Apple’s advisory for macOS Sequoia 15.4 lists CVE-2025-24281 under the Security Content, describing an impact on user data exposure and noting...

CVE-2025-24214

CVE-2025-24214: A privacy issue where text-field contents were logged; fixed in visionOS 2.4, iOS 18.4/iPadOS 18.4, tvOS 18.4, and macOS Sequoia 15.4. The CVSS details indicate a LOCAL attack with LOW complexity and USER INTERACTION required, and the impact is confidentiality loss. The issue coul...

CVE-2025-24263

The CVE-2025-24263 entry concerns a privacy issue in macOS where sensitive user data could be observed by an unprivileged app. Apple fixed this by moving the data to a protected location, with the issue addressed in macOS Sequoia 15.4. The Apple advisory (Security Content) confirms the impact is ...

CVE-2025-24253

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data...

CVE-2025-24204

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2025-24204

CVE-2025-24204 is a kernel‑level issue in macOS Sequoia prior to 15.4. The fixed description indicates that an app may be able to access protected user data due to insufficient checks in the involved kernel path. The vulnerability is resolved in macOS Sequoia 15.4 with the update noted by Apple’s...

CVE-2025-24246

An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data...

CVE-2025-24283

CVE-2025-24283 describes a logging issue where sensitive user data could be exposed due to inadequate data redaction. The problem has been fixed in Apple platforms: visionOS 2.4, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. The CVE entry notes that an app may access sensitive user data as a res...

CVE-2025-24241

The CVE-2025-24241 issue is a configuration-related vulnerability affecting macOS, fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. It describes a way an app may deceive a user into copying sensitive data to the pasteboard. The core detail provided is a configuration is...

CVE-2025-31689

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

CVE-2025-31689

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

CVE-2025-31689 General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

CVE-2025-31689

The CVE-2025-31689 entry concerns the Drupal General Data Protection Regulation (GDPR) module. A CSRF vulnerability affects versions 0.0.0 through 3.0.1 and 3.1.0 through 3.1.2. The issue is mitigated by upgrading to 3.0.1+ or 3.1.2+ (per connected sources). No exploit details are provided beyond...