6.3
CVE-2025-67721 - Aircompressor's Snappy and LZ4 Java-based decompressor implementation can leak information from reuβ¦
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via crafβ¦
6.9
CVE-2025-14583 - campcodes Online Student Enrollment System register.php unrestricted upload
A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be uβ¦
5.1
CVE-2025-14582 - campcodes Online Student Enrollment System index.php unrestricted upload
A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing a manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is nβ¦
7.1
CVE-2025-14611 - Gladinet CentreStack and TrioFox Hard Coded AES Keys
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted requβ¦
3.3
CVE-2025-43518 - Inappropriate File Access via Spellcheck API
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, watchOS 26.2. An app may be able to inappropriately access files through the spellcheck API.
3.3
CVE-2025-43522 - Downgrade Vulnerability Allowing Unauthorized Access to User Data on Intel-based macOS
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access user-sensitive data.
7.8
CVE-2025-43467 - macOS Privilege Escalation via Improper System Checks
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to gain root privileges.
5.5
CVE-2025-43471 - Potential Access to Sensitive User Data via Improper Checks
The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
5.5
CVE-2025-43406 - Logic Issue Allowing App Access to Sensitive User Data in macOS Tahoe
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
2.4
CVE-2025-43410 -
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes.