Search Results (5683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-28818 1 Apple 1 Macos 2026-04-02 5.3 Medium
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.
CVE-2024-54565 1 Apple 1 Macos 2026-04-02 6.2 Medium
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data.
CVE-2024-44271 1 Apple 2 Macos, Macos Sequoia 2026-04-02 3.3 Low
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator.
CVE-2026-28863 1 Apple 6 Ios And Ipados, Ipados, Iphone Os and 3 more 2026-04-02 6.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.
CVE-2026-28855 1 Apple 4 Ios And Ipados, Ipados, Iphone Os and 1 more 2026-04-02 7.5 High
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data.
CVE-2024-44210 1 Apple 1 Macos 2026-04-02 3.3 Low
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
CVE-2026-20622 1 Apple 1 Macos 2026-04-02 7.5 High
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to capture a user's screen.
CVE-2026-28880 1 Apple 5 Ios And Ipados, Ipados, Iphone Os and 2 more 2026-04-02 6.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.
CVE-2026-28856 1 Apple 5 Ios And Ipados, Ipados, Iphone Os and 2 more 2026-04-02 4.6 Medium
The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information.
CVE-2026-28895 1 Apple 3 Ios And Ipados, Ipados, Iphone Os 2026-04-02 4.6 Medium
The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.
CVE-2026-28876 1 Apple 5 Ios And Ipados, Ipados, Iphone Os and 2 more 2026-04-02 7.5 High
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to access sensitive user data.
CVE-2026-28837 1 Apple 1 Macos 2026-04-02 7.5 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
CVE-2026-20631 1 Apple 1 Macos 2026-04-02 8.4 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges.
CVE-2024-54556 1 Apple 3 Ios, Ipados, Iphone Os 2026-04-02 2.4 Low
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.
CVE-2026-28892 1 Apple 1 Macos 2026-04-02 5.5 Medium
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.
CVE-2025-24236 1 Apple 1 Macos 2026-04-02 5.5 Medium
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
CVE-2026-20998 1 Samsung 1 Smart Switch 2026-04-02 9.8 Critical
Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication.
CVE-2026-4628 1 Redhat 8 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform and 5 more 2026-04-02 4.3 Medium
A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.
CVE-2026-0748 2 Drupal, Internationalization Project 2 Internationalization, Internationalization 2026-04-02 4.3 Medium
In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs. Exploit affects versions 7.x-1.0 up to and including 7.x-1.35.
CVE-2026-33726 1 Cilium 1 Cilium 2026-04-02 5.4 Medium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments using cloud IPAM, including Cilium ENI on EKS (`eni.enabled`), AlibabaCloud ENI (`alibabacloud.enabled`), Azure IPAM (`azure.enabled`, but not AKS BYOCNI), and some GKE deployments (`gke.enabled`; managed offerings such as GKE Dataplane V2 may use different defaults). It is typically not enabled in tunneled deployments, and chaining deployments are not affected. In practice, Amazon EKS with Cilium ENI mode is likely the most common affected environment. Versions 1.17.14, 1.18.8, and 1.19.2 contain a patch. There is currently no officially verified or comprehensive workaround for this issue. The only option would be to disable per-endpoint routes, but this will likely cause disruptions to ongoing connections, and potential conflicts if running in cloud providers.