Aggregator

A vulnerability classified as critical was found in Apple macOS up to 14.8.1/15.7.1. Impacted is an unknown function of the component Shortcuts App. Executing manipulation can lead to permission issues. This vulnerability is tracked as CVE-2025-43414. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Apple Safari, tvOS, visionOS, watchOS, iOS and iPadOS up to 26.0. This issue affects some unknown processing. Performing manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability is identified as CVE-2025-43392. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Apple visionOS, watchOS, macOS, iOS and iPadOS up to 26.0. This vulnerability affects unknown code of the component Setting Handler. Such manipulation leads to improper access controls. This vulnerability is referenced as CVE-2025-43496. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in mantisbt Mantis Bug Tracker up to 2.27.1. This affects an unknown part of the component Issue Activity Log Handler. This manipulation causes allocation of resources. The identification of this vulnerability is CVE-2025-46556. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Apple watchOS up to 26.0. Affected by this issue is some unknown functionality of the component Live Voicemail Handler. The manipulation results in improper authentication. This vulnerability was named CVE-2025-43459. An attack on the physical device is feasible. There is no available exploit. The affected component should be upgraded.

Devuan 发行版释出了代号为 Excalibur 的 Devuan 6.0。Devuan 6.0 是基于今年 8 月发布的 Debian 13 trixie，主要变化与 Debian 13 相同，使用 Linux 6.12 LTS 内核，桌面环境包括 GNOME 48、KDE Plasma 6.3、Xfce 4.20，以及 GCC 14.2、Python 3.13 等，正式支持 riscv64 架构，等等。Devuan 发行版是因为初始化系统 systemd 争议而由一群不满的 Debian 开发者创建的不使用 systemd 的分支。

Devuan 发行版发布 Devuan 6.0（代号 Excalibur），基于 Debian 13 trixie 和 Linux 6.12 LTS 内核。提供 GNOME 48、KDE Plasma 6.3、Xfce 4.20 等桌面环境，并正式支持 riscv64 架构。该发行版由不满 systemd 的 Debian 开发者创建。

A vulnerability identified as problematic has been detected in Apple macOS up to 15.7.1. Affected by this vulnerability is an unknown functionality of the component App. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-43378. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Apple macOS up to 15.7.1. Affected is an unknown function of the component App. Executing manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2025-43377. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Apple macOS up to 14.8.1/15.7.1. It has been rated as problematic. This impacts an unknown function of the component App. Performing manipulation results in race condition. This vulnerability is known as CVE-2025-43364. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Apple macOS up to 14.8.1/15.7.1. It has been declared as critical. This affects an unknown function of the component App. Such manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-43348. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 14.8.1/15.7.1. It has been classified as problematic. The impacted element is an unknown function of the component App. This manipulation causes information disclosure. This vulnerability appears as CVE-2025-43335. The attack requires local access. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Apple macOS up to 14.8.1/15.7.1 and classified as problematic. The affected element is an unknown function of the component App. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-43334. The attack requires a local approach. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Apple iOS, iPadOS, tvOS, visionOS and watchOS and classified as problematic. Impacted is an unknown function of the component App. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2025-43323. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Apple macOS up to 14.8.1/15.7.1. This issue affects some unknown processing of the component App. Executing manipulation can lead to information disclosure. This vulnerability is registered as CVE-2025-43322. The attack needs to be launched locally. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple macOS up to 15.6. This vulnerability affects unknown code of the component App. Performing manipulation results in symlink following. This vulnerability is cataloged as CVE-2025-43288. The attack must be initiated from a local position. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in MediaTek MT6899, MT6991 and MT8793. This affects an unknown part of the component pda. Such manipulation leads to use after free. This vulnerability is listed as CVE-2025-20744. The attack must be carried out locally. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability classified as critical has been found in MediaTek MT2718, MT6761, MT6765, MT6768, MT6781, MT6853, MT6877, MT6886, MT6893, MT6897, MT6899, MT6983, MT6989, MT6991, MT8113, MT8163, MT8168, MT8169, MT8183, MT8186, MT8188, MT8195, MT8196, MT8321, MT8365, MT8385, MT8390, MT8391, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8755, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788E, MT8791T, MT8792, MT8793, MT8796, MT8797, MT8798, MT8873, MT8883 and MT8893. Affected by this issue is some unknown functionality of the component clkdbg. This manipulation causes use after free. This vulnerability is tracked as CVE-2025-20743. The attack is restricted to local execution. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability described as critical has been identified in MediaTek MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981 and MT7986. Affected by this vulnerability is an unknown functionality of the component WLAN AP Driver. The manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2025-20741. The attack is only possible with local access. There is not any exploit available. Applying a patch is advised to resolve this issue.

A vulnerability marked as critical has been reported in MediaTek MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981 and MT7986. Affected is an unknown function of the component WLAN AP Driver. The manipulation leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2025-20739. The attack can only be performed from a local environment. No exploit is available. It is recommended to apply a patch to fix this issue.