EUVD-2025-209941

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions prior to Apple macOS Sequoia 15.7, Sonoma 14.8, and Tahoe 26. These vulnerabilities stem from logical issues and could allow malicious applicatio...

EUVD-2026-29234

This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files...

EUVD-2026-15095

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to break out of its sandbox...

CVE-2026-20648

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices...

CVE-2026-20646

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information...

CVE-2026-20648

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices...

CVE-2026-20646

Summary (CVE-2026-20646) : A logging issue in macOS Tahoe 26.3 allowed reading of sensitive location information due to insufficient data redaction. Multiple sources (Apple advisory references and national/cross-vendor advisories) corroborate that the issue is fixed in macOS Tahoe 26.3. The vulne...

CVE-2022-37002

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background...

Detecting Malicious Entra OAuth Apps with LLM-Based Permission Risk Scoring

This project presents a unified detection framework that constructs a complete corpus of Microsoft Graph permissions, generates consistent LLM-based risk scores, and integrates them into a real-time detection engine to identify malicious OAuth consent activity...

CVE-2025-43381

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data...

CVE-2025-43381

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data...

EUVD-2025-203172

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data...

CVE-2025-43520

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause...

CVE-2025-27389

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

CVE-2025-64696

Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications...

CVE-2025-27389

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

CVE-2025-27389 Application Installation Source Verification Flaw May Lead to Risk Detection Bypass

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

CVE-2025-27389

Technical details such as affected products, versions, root cause, or exploitation steps are not publicly provided in the supplied documents. Monitor for updates from vendors and CVE feeds.

Apple iOS and iPadOS Cache Mishandling Vulnerability

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A cache mishandling vulnerability exists in Apple iOS and iPadOS, which can be exploited by attackers to cause malicious applications to track users...