CVE-2026-28865

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position ma...

CVE-2026-28865

CVE-2026-28865 is an authentication issue in Apple platforms that Apple fixed with state-management improvements. The advisory indicates the vulnerability affects 802.1X/network authentication and could allow an attacker in a privileged network position to intercept traffic. Patches are present i...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

About the security content of iOS 18.7.7 and iPadOS 18.7.7

About the security content of iOS 18.7.7 and iPadOS 18.7.7 About the security content of iOS 18.7.7 and iPadOS 18.7.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...

EUVD-2026-11352

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-2368

CVE-2026-2368 involves an improper certificate validation vulnerability in the Lenovo Filez application. The issue could allow an attacker capable of intercepting network traffic to achieve arbitrary code execution on affected systems. From the provided metrics, the vulnerability has a high impac...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-1068

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...

CVE-2026-1068

CVE-2026-1068 concerns Lenovo Filez with an improper certificate validation flaw. The issue arises in the application’s handling of TLS certificates, allowing an attacker capable of intercepting network traffic (adjacent access) to potentially obtain sensitive user data. The vulnerability is clas...

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

EUVD-2026-9008

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

PT-2026-22320

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

CVE-2026-22715

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715...

Improper Certificate Validation

Overview yapi-vendor is a YAPI Affected versions of this package are vulnerable to Improper Certificate Validation due to the HTTPS agent configuration setting rejectUnauthorized: false. An attacker can intercept and manipulate network traffic by performing a man-in-the-middle attack. Remediation...

CVE-2026-20671

CVE-2026-20671 is a logic-issue vulnerability fixed across Apple platforms. Affected products include iOS/iPadOS 18.7.5 and 26.3, macOS Sequoia 15.7.4, Sonoma 14.8.4, Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. The issue is addressed with improved checks; exploitation requires a privilege...

Apple多款产品 安全漏洞

Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A security bypass vulnerability exists in multiple Apple products and is caused by a logic issue in a kerne...