5.5
CVE-2025-31231 - macOS Sequoia Location Permissions Issue Exposing Sensitive Data
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information.
5.5
CVE-2025-31199 - Logging Vulnerability Exposing Sensitive User Data on Apple Operating Systems
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data.
4.6
CVE-2025-31264 - Authentication Bypass on Locked macOS Devices Allows Viewing Sensitive User Information
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
5.5
CVE-2025-31198 - macOS Symlink Path Validation Vulnerability
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A path handling issue was addressed with improved validation.
8.2
CVE-2025-31189 - File quarantine bypass may enable sandbox escape in macOS
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox.
9.1
CVE-2025-31263 - Coprocessor Memory Corruption via Improper Memory Handling
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
6.9
CVE-2025-5330 - FreeFloat FTP Server RETR Command buffer overflow
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and mβ¦
5.3
CVE-2025-5328 - chshcms mccms Backups.php restore_del path traversal
A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploitβ¦
5.3
CVE-2025-5327 - chshcms mccms Gf.php index server-side request forgery
A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit hasβ¦
5.3
CVE-2025-5326 - zhilink ζΊδΊθ(ζ·±ε³)η§ζζιε ¬εΈ ADP Application Developer Platform εΊη¨εΌεθ εΉ³ε° verifyToken deserialization
A vulnerability was found in zhilink ζΊδΊθ(ζ·±ε³)η§ζζιε ¬εΈ ADP Application Developer Platform εΊη¨εΌεθ εΉ³ε° 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adpweb/wechat/verifyToken/. The manipulation leads to deserialization. The attack may be launched remotelβ¦