apple

Vendors · apple

· 489 Critical14,086 known vulnerabilities across 195 products

Total CVEs

14,086

Critical

489

Products

195

Search All CVEs →

14,086

Products (195)

macos5,886 CVEs mac os x5,568 CVEs iphone os4,397 CVEs tvos2,015 CVEs ipados1,901 CVEs watchos1,780 CVEs safari1,611 CVEs itunes922 CVEs mac os x server817 CVEs icloud449 CVEs visionos435 CVEs webkit258 CVEs quicktime250 CVEs xcode96 CVEs ipad os89 CVEs ipod touch58 CVEs cups56 CVEs apple tv36 CVEs darwin streaming server27 CVEs iphone23 CVEs quicktime streaming server16 CVEs os x server11 CVEs airport base station firmware11 CVEs swiftnio10 CVEs garageband9 CVEs airport extreme9 CVEs music8 CVEs imageio8 CVEs ichat8 CVEs mail7 CVEs pages7 CVEs tv os7 CVEs keynote7 CVEs apple remote desktop6 CVEs ipad6 CVEs airport express6 CVEs swiftnio http\/25 CVEs cfnetwork5 CVEs iphoto5 CVEs time capsule4 CVEs numbers4 CVEs swift4 CVEs afp server4 CVEs iwork4 CVEs terminal4 CVEs ipad24 CVEs logic pro x3 CVEs bonjour3 CVEs webcore3 CVEs webobjects3 CVEs mdnsresponder3 CVEs airport express base station firmware3 CVEs coregraphics3 CVEs a ux3 CVEs airport extreme base station firmware3 CVEs ical3 CVEs powerpc3 CVEs watch os3 CVEs airport base station3 CVEs mac os runtime for java3 CVEs mac os3 CVEs boot camp2 CVEs airplay audio software development kit2 CVEs airplay video software development kit2 CVEs airpods firmware2 CVEs apple support2 CVEs applescript2 CVEs appleshare2 CVEs carboncore2 CVEs carplay communication plug-in2 CVEs container2 CVEs files2 CVEs ichat server2 CVEs imovie2 CVEs installer2 CVEs instant message framework2 CVEs java 1.52 CVEs java 1.62 CVEs macbook air2 CVEs personal web sharing2 CVEs quicktime pictureviewer2 CVEs remote desktop2 CVEs shazam2 CVEs shortcuts2 CVEs software update2 CVEs xsan2 CVEs core audio technologies1 CVEs containerization1 CVEs compressor1 CVEs itunes u1 CVEs claris emailer1 CVEs java1 CVEs java 1.41 CVEs a5x1 CVEs a51 CVEs 802.11n1 CVEs libsecurity1 CVEs bomarchivehelper1 CVEs m11 CVEs m1 mac mini1 CVEs m1 max1 CVEs m1 pro1 CVEs m1 ultra1 CVEs m21 CVEs m2 max1 CVEs m2 pro1 CVEs m2 ultra1 CVEs m31 CVEs m3 max1 CVEs m3 pro1 CVEs m3 ultra1 CVEs m41 CVEs m4 max1 CVEs m4 pro1 CVEs beats fit pro firmware1 CVEs beats fit pro1 CVEs mac os server1 CVEs appleshare mail server1 CVEs mac os x preview.app1 CVEs apple type services1 CVEs a11 bionic1 CVEs macbook pro1 CVEs apple music1 CVEs macos server1 CVEs magic keyboard1 CVEs magic keyboard firmware1 CVEs apple laserwriter1 CVEs apple airport extreme base station1 CVEs minimal slp service agent1 CVEs mobile safari1 CVEs motion1 CVEs app store connect1 CVEs music classical1 CVEs nioextras1 CVEs aperture1 CVEs apache mod digest apple1 CVEs airport utility1 CVEs pdfkit1 CVEs weblog server1 CVEs podcast producer1 CVEs powerbeats1 CVEs powerbeats firmware1 CVEs airport card1 CVEs preview1 CVEs pro video formats1 CVEs pykerberos1 CVEs quartz composer1 CVEs quicklook1 CVEs airpods pro firmware1 CVEs quicktime broadcaster1 CVEs quicktime darwin mp3 broadcaster1 CVEs quicktime mpeg-2 playback component1 CVEs a10x fusion1 CVEs airpods pro1 CVEs windows migration assistant1 CVEs airpods max firmware1 CVEs securerom1 CVEs server manager1 CVEs a10 fusion1 CVEs xcode tools1 CVEs smart card services1 CVEs xserve lights-out management1 CVEs studio display1 CVEs studio display firmware1 CVEs airpods max1 CVEs swift-crypto1 CVEs swift-nio-extras1 CVEs swift foundation1 CVEs swift prometheus1 CVEs airpods1 CVEs a9x1 CVEs swiftnio ssl1 CVEs tcp ip configuration utility1 CVEs a91 CVEs textedit1 CVEs texture1 CVEs a8x1 CVEs tokend1 CVEs transporter1 CVEs a81 CVEs a71 CVEs a6x1 CVEs a61 CVEs watch ultra1 CVEs watch ultra 21 CVEs imessage1 CVEs ichat av1 CVEs ipad mini1 CVEs ibooks author1 CVEs exposure notifications1 CVEs data detectors engine1 CVEs iphone 3gs1 CVEs iphone configuration web utility1 CVEs core image fun house1 CVEs iphone se1 CVEs

Recent Vulnerabilities

View all 14,086 →

CVE-2026-12033MEDIUM 5.3

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12027CRITICAL 9.6

Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12025MEDIUM 5.3

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12024MEDIUM 6.5

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12023HIGH 8.3

Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12022HIGH 8.3

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

CVE-2026-12020HIGH 8.8

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12017LOW 3.1

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12016HIGH 8.3

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12015MEDIUM 5.3

Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12014HIGH 8.3

Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)

CVE-2026-12012HIGH 8.1

Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

CVE-2026-12009HIGH 8.3

Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-12008HIGH 8.3

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2025-46315HIGH 7.5

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.

CVE-2025-46313MEDIUM 5.5

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

CVE-2025-46308MEDIUM 5.3

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.

CVE-2025-46293MEDIUM 5.5

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

CVE-2025-43339MEDIUM 5.5

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data.

CVE-2025-43278MEDIUM 5.5

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

CVE-2025-31272HIGH 7.8

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.

CVE-2025-30459MEDIUM 5.5

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.

CVE-2025-30431MEDIUM 5.5

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.

CVE-2025-24284HIGH 8.8

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.

CVE-2025-24268MEDIUM 5.5

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.