Security Vulnerabilities
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-04-02
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
CVSS Score
8.2
EPSS Score
0.001
Published
2026-04-02
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-04-02
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.
CVSS Score
7.1
EPSS Score
0.001
Published
2026-04-02
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-04-02
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
CVSS Score
4.2
EPSS Score
0.0
Published
2026-04-02
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, #, and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be bypassed. This can lead to host header poisoning in applications that use req.host, req.url, or req.base_url for link generation, redirects, or origin validation. This issue has been patched in versions 3.1.21 and 3.2.6.
CVSS Score
4.8
EPSS Score
0.001
Published
2026-04-02
A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow.
Successful exploitation results in Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-02
A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-02
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An attacker
on the same network segment could trigger heap memory corruption conditions by
sending crafted payloads that cause write operations beyond allocated buffer
boundaries. Successful exploitation
causes a Denial-of-Service (DoS) condition, causing the device’s process to
crash or become unresponsive.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-02