Apple: Security Vulnerabilities
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-14
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-14
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-14
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-10-14
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-14
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-10-09
MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects MacForge: 1.2.0 Beta 1.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-04
Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.
CVSS Score
7.4
EPSS Score
0.0
Published
2025-10-03
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.1, tvOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-09-29
Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.001
Published
2025-09-24