Lucene search
K

1175 matches found

NVD
NVD
added 2026/04/02 7:18 p.m.8 views

CVE-2024-44286

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device...

7.5CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added 2026/04/02 6:13 p.m.14 views

CVE-2024-44286

CVE-2024-44286 affects macOS Sequoia 15.1 and earlier, where an attacker with physical access can inject keyboard events into apps running on a locked device. The root cause is described as improved state management. The issue is fixed in macOS Sequoia 15.1. Remediation: update to macOS 15.1 or l...

7.5CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 6:13 p.m.5 views

CVE-2024-44286

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device...

5.9AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/02 6:13 p.m.16 views

CVE-2024-44286

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device...

0.0034EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.1 had a security vulnerability caused by a state management issue. This vulnerability could allow attackers with physical access to input keyboard events int...

7.5CVSS5.8AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.9 views

CVE-2026-28856

The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information...

4.6CVSS5.8AI score0.00277EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/25 9:10 p.m.6 views

Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

Summary When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue...

8.1CVSS5.9AI score0.00453EPSS
Exploits1References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/25 5:45 p.m.4 views

CVE-2026-23344

A flaw was found in the Linux kernel's crypto: ccp module. A use-after-free vulnerability exists in the sevtsminitlocked function's error handling path. This occurs when the system attempts to access memory that has already been released, leading to a memory corruption vulnerability. This could...

5.7AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/25 3:31 a.m.8 views

EUVD-2026-15127

The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information...

4.6CVSS5.8AI score0.00277EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 1:17 a.m.4 views

CVE-2026-28856

The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information...

4.6CVSS0.00277EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/25 12:32 a.m.5 views

CVE-2026-28856

The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information...

5.8AI score0.00277EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/25 12:32 a.m.27 views

CVE-2026-28856

The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information...

0.00277EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 12:32 a.m.18 views

CVE-2026-28856

The CVE-2026-28856 issue is addressed with improved authentication and is fixed in iOS 26.4, iPadOS 26.4, visionOS 26.4, and watchOS 26.4. The description notes that an attacker with physical access to a locked device may view sensitive user information. The connected documents provide these vers...

4.6CVSS5.8AI score0.00277EPSS
Exploits0References3Affected Software4
ATTACKERKB
ATTACKERKB
added 2026/03/25 12:32 a.m.4 views

CVE-2026-28856

The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information...

5.8AI score0.00277EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.6 views

PT-2026-27580

The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information...

5.8AI score0.00277EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.6 views

Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue accessing th...

8.1CVSS5.8AI score0.00453EPSS
Exploits1References9Affected Software1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.19 views

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.18.0 to 2.2.1 had security vulnerabilities. These vulnerabilities stemmed from insufficient validation of user status during certain authentication processes, allowing users who were already...

8.1CVSS6.4AI score0.00453EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/23 9:30 a.m.5 views

EUVD-2026-14382

The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and...

7.8CVSS5.9AI score0.00128EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/18 9:40 p.m.6 views

CVE-2026-32878

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.13 views

PT-2026-25985

Impact An attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that exploits prototype pollution in the deep copy mechanism. This allows injecting fields into class schemas that have field addition locked...

7.5CVSS5.8AI score0.00345EPSS
Exploits0References10
Rows per page
Query Builder