CVE-2026-20656

A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. An app may be able to access a user's Safari history...

CVE-2026-20640

The CVE-2026-20640 entry describes an inconsistent user interface issue caused by improved state management in iOS/iPadOS. Affected software: iPhone with iOS and iPad with iPadOS, prior to version 26.3. Vulnerable component: user interface state management during iPhone Mirroring with a Mac, whic...

CVE-2026-20640

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac...

CVE-2026-20640

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac...

CVE-2026-20617

CVE-2026-20617 describes a race condition in CoreServices that could allow an app to gain root privileges. The issue was mitigated by improved state handling and is fixed in multiple Apple platforms: iOS 26.3, iPadOS 26.3, watchOS 26.3, tvOS 26.3, visionOS 26.3, macOS Sonoma 14.8.4, and macOS Tah...

CVE-2026-20616

CVE-2026-20616: An out-of-bounds write issue affecting USD file processing was mitigated by improved bounds checking. It is fixed in iOS 18.7.5 / iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, and visionOS 26.3. Exploitation could cause unexpected app termination. This CVE, tied to multipl...

CVE-2026-20641

CVE-2026-20641 is a privacy issue affecting Apple platforms where an app may identify other apps installed on the device. Concrete fixes are listed across multiple Apple OS updates: iOS/iPadOS 18.7.5, iOS/iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionO...

CVE-2026-20677

A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A shortcut may be able to bypass sandbox restrictions...

CVE-2026-20636

CVE-2026-20636 relates to a memory-handling issue in WebKit/Safari stack that could cause an unexpected process crash when processing malicious web content. Affected products and versions per documents: Safari 26.3; iOS 26.3 and iPadOS 26.3; macOS Tahoe 26.3; visionOS 26.3. Root cause described a...

CVE-2025-46302

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash...

CVE-2026-20661

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information...

CVE-2026-20650

A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets...

CVE-2026-20611

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted media fil...

CVE-2026-20666

An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data...

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...

CVE-2026-20667

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox...

CVE-2026-20610

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges...

CVE-2026-20647

This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data...

CVE-2020-37175

CVE-2020-37175 concerns P2PWIFICAM2 for iOS 10.4.1. The vulnerability is a denial of service caused by processing the Camera ID input field: pasting a 257-character buffer can crash the application on iOS devices. The available metrics show a CVSS v3.1 base score of 7.5 (HIGH, NETWORK attack vect...

CVE-2019-25311 thesystem Persistent XSS

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...