17350 matches found
CVE-2026-20618
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data...
CVE-2026-20618
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data...
CVE-2026-20618
CVE-2026-20618 affects macOS Tahoe prior to 26.3, where improper handling of temporary files could allow an app to access user‑sensitive data. The issue is fixed in macOS Tahoe 26.3. Affected documentation consistently notes improved handling of temporary files as the remediation. No exploitation...
CVE-2025-43417
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.2. An app may be able to access user-sensitive data...
CVE-2025-43403
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An app may be able to access sensitive user data...
CVE-2026-20627
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...
CVE-2025-57713
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...
CVE-2025-54169
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later...
CVE-2025-57707
An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...
CVE-2025-30269
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync...
CVE-2025-54170
CVE-2025-54170 describes an out-of-bounds read in Qsync Central that can be exploited by a remote attacker who has a user account to access secret data. Affected: Qsync Central; vulnerability type is out-of-bounds read in the affected component. Impact is confidentiality of secret data; attack re...
CVE-2025-57707
An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...
CVE-2025-57707
CVE-2025-57707 affects QNAP File Station 5. The vulnerability is described as an improper neutralization of directives in statically saved code (Static Code Injection) that could allow a remote attacker with a user account to access restricted data/files. The Red Hat, NVD, OSV, and related source...
CVE-2026-1748
The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.3 and earlier contained a security vulnerability. This vulnerability stemmed from parsing issues with directory path handling, which could allow applications t...
CVE-2025-70084
Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtilGetFileInfo function...
PT-2026-7757
Name of the Vulnerable Software and Affected Versions macOS versions prior to Sequoia 15.7.4 macOS versions prior to Tahoe 26.3 Description A logging issue allowed an application to potentially access sensitive user data due to insufficient data redaction. Recommendations Update to macOS Sequoia...
CVE-2024-50617
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...
CVE-2025-70084
OpenSatKit 2.2.1 is affected by a directory traversal vulnerability in the FileUtil_GetFileInfo function, allowing an attacker to access sensitive information or delete files via a crafted value. The CVE entry and Red Hat/NVD/CIRCL attestations confirm the affected product/version and the underly...
PT-2026-7802
Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.3 macOS versions prior to Sonoma 14.8.4 macOS versions prior to Sequoia 15.7.4 iOS versions prior to 18.7.5 iPadOS versions prior to 18.7.5 iOS versions prior to 26.3 iPadOS versions prior to 26.3 Description A...