CVE-2026-20638

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions...

CVE-2026-20638

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions...

CVE-2026-20638

CVE-2026-20638 affects iOS and iPadOS. A logic issue allowed identifying information to leak to Live Caller ID app extensions when those extensions were disabled by the user. Apple fixed this in iOS 26.3 and iPadOS 26.3 by applying improved checks. The vulnerability is described as a logic/contro...

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

CVE-2026-20676

CVE-2026-20676 is a WebKit/WebKitGTK tracking vulnerability where a website may track users via Safari web extensions. The connected documents indicate fixes in Safari 26.3 and corresponding OS versions (iOS/iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3) and related package updates (e.g., webkitgt...

Security Assessment of Intel TDX with Support for Live Migration

In the second and third quarters of 2025, Google collaborated with Intel to conduct a security assessment of Intel Trust Domain Extensions TDX, extending Google's previous review and covering major changes since Intel TDX Module 1.0 - namely support for Live Migration and Trusted Domain TD...

PT-2026-7771

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.3 iPadOS versions prior to 26.3 Description A logic issue existed where a user with Live Caller ID app extensions disabled could have identifying information leaked to those extensions. The issue was resolved through...

PT-2026-7799

Name of the Vulnerable Software and Affected Versions Apple Safari versions prior to 26.3 Apple iOS versions prior to 26.3 Apple iPadOS versions prior to 26.3 Apple macOS Tahoe versions prior to 26.3 Apple visionOS versions prior to 26.3 Description A website may be able to track users through...

CVE-2025-32007

Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attac...

CVE-2025-27572

Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access...

CVE-2025-32007

The CVE describes an out-of-bounds read in some Intel TDX prior to tdx module 1.5.24, within the Ring 0 Hypervisor. It may allow an information disclosure. An authorized adversary with privileged user access, using a low-complexity local attack with no user interaction, could exploit this to expo...

CVE-2025-27940

Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Software side channel adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access wh...

CVE-2025-27572

Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access...

CVE-2025-27572

CVE-2025-27572 is an information-disclosure vulnerability in some Intel® Trust Domain Extensions (TDX) modules. A privileged, highly capable attacker with local access could trigger data exposure during transient execution in Ring 0 of the hypervisor. The impact is confined to confidentiality (hi...

Intel Trust Domain Extensions 安全漏洞

Intel Trust Domain Extensions is a confidential virtualization solution developed by Intel Corporation in the United States. It aims to isolate confidential virtual machines from non-confidential domain software stacks including hypervisors, VMMs, and other non-trusted domain software stacks,...

Intel Trust Domain Extensions 缓冲区错误漏洞

Intel Trust Domain Extensions is a confidential virtualization solution developed by Intel Corporation in the United States. It aims to isolate confidential virtual machines from non-confidential domain software stacks including hypervisors, VMMs, and other non-trusted domain software stacks,...

PT-2026-7296

Name of the Vulnerable Software and Affected Versions TDX Module versions prior to tdx1.5 Description An out-of-bounds read issue exists within the hypervisor in some TDX Module versions prior to tdx1.5 when operating in Ring 0. A software side channel adversary with a privileged user, combined...