Total
8946 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44255 | 1 Apple | 8 Ipados, Iphone Os, Mac Os and 5 more | 2026-04-02 | 8.4 High |
| A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user consent. | ||||
| CVE-2024-44190 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to read arbitrary files. | ||||
| CVE-2024-44167 | 2 Apple, Mercurycom | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-04-02 | 8.1 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. An app may be able to overwrite arbitrary files. | ||||
| CVE-2024-27887 | 1 Apple | 1 Macos | 2026-04-02 | 6.2 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. | ||||
| CVE-2024-27871 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | 5.5 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. An app may be able to access protected user data. | ||||
| CVE-2024-27827 | 1 Apple | 1 Macos | 2026-04-02 | 6.2 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to read arbitrary files. | ||||
| CVE-2024-27821 | 1 Apple | 6 Ios, Ipad Os, Ipados and 3 more | 2026-04-02 | 7.5 High |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent. | ||||
| CVE-2024-27810 | 1 Apple | 7 Ios, Ipad Os, Ipados and 4 more | 2026-04-02 | 9.8 Critical |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to read sensitive location information. | ||||
| CVE-2024-23216 | 1 Apple | 1 Macos | 2026-04-02 | 6.7 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files. | ||||
| CVE-2025-43191 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-02 | 6.2 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause a denial-of-service. | ||||
| CVE-2026-28816 | 1 Apple | 1 Macos | 2026-04-02 | 4 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission. | ||||
| CVE-2024-44195 | 1 Apple | 1 Macos | 2026-04-02 | 7.5 High |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files. | ||||
| CVE-2026-28827 | 1 Apple | 1 Macos | 2026-04-02 | 9.3 Critical |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox. | ||||
| CVE-2024-27869 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-02 | 7.5 High |
| The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator. | ||||
| CVE-2026-20688 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-04-02 | 9.3 Critical |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox. | ||||
| CVE-2026-21005 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 6.5 Medium |
| Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege. | ||||
| CVE-2026-30580 | 1 Leefish | 1 File Thingie | 2026-04-02 | 4.3 Medium |
| File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system. | ||||
| CVE-2025-70952 | 2 Pf4j, Pf4j Project | 2 Pf4j, Pf4j | 2026-04-02 | 7.5 High |
| pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation. | ||||
| CVE-2025-67030 | 1 Codehaus-plexus | 1 Plexus-utils | 2026-04-02 | 8.8 High |
| Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code | ||||
| CVE-2026-32846 | 1 Openclaw | 1 Openclaw | 2026-04-02 | 7.5 High |
| OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys. | ||||