CVE Feeds
CVE News Feed
Updates on the latest vulnerabilities detected.
-
CVE-2025-59437 - Node-IP SSRF Vulnerability
CVE ID :CVE-2025-59437
Published : 16 septembre 2025 00:00 | 2 heures, 16 minutes ago
Description :The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection attempts to the IP address 0 (interpreted as 0.0.0.0) are blocked with error messages such as net::ERR_ADDRESS_INVALID. However, in some situations that depend on both application version and operating system, connection attempts to 0 and 0.0.0.0 are considered connection attempts to 127.0.0.1 (and, for this reason, a false value of isPublic would be preferable).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-59436 - Node-IP SSRF Vulnerability
CVE ID :CVE-2025-59436
Published : 16 septembre 2025 00:00 | 2 heures, 16 minutes ago
Description :The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43375 - Apple Xcode Path Truncation Vulnerability
CVE ID :CVE-2025-43375
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43372 - Apple Media File Processing Denial of Service/Corrupt Memory
CVE ID :CVE-2025-43372
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43371 - Apple Xcode Sandbox Escalation
CVE ID :CVE-2025-43371
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43370 - Apple Xcode Path Handling Buffer Overflow
CVE ID :CVE-2025-43370
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43369 - Apple macOS Tahoe Symlink Privilege Escalation
CVE ID :CVE-2025-43369
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43368 - Safari Use-After-Free Vulnerability
CVE ID :CVE-2025-43368
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43367 - "Apple macOS User Data Protection Bypass"
CVE ID :CVE-2025-43367
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43366 - Apple macOS Tahoe Coprocessor Memory Disclosure
CVE ID :CVE-2025-43366
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to disclose coprocessor memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43362 - Apple iOS Keystroke Monitoring Vulnerability
CVE ID :CVE-2025-43362
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43359 - Apple tvOS/OS/watchOS/macOS Network Socket Binding Vulnerability
CVE ID :CVE-2025-43359
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A UDP server socket bound to a local interface may become bound to all interfaces.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43358 - Apple macOS/iOS/iPadOS Sandbox Bypass Permissions Vulnerability
CVE ID :CVE-2025-43358
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, iOS 18.7 and iPadOS 18.7, macOS Tahoe 26, iOS 26 and iPadOS 26. A shortcut may be able to bypass sandbox restrictions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43357 - Apple Device User Fingerprinting Vulnerability
CVE ID :CVE-2025-43357
Published : 15 septembre 2025 23:15 | 3 heures ago
Description :This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to fingerprint the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43356 - Apple Safari Sensor Information Disclosure Vulnerability
CVE ID :CVE-2025-43356
Published : 15 septembre 2025 23:15 | 3 heures, 1 minute ago
Description :The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43355 - Apple TVOS WatchOS Denial-of-Service Type Confusion
CVE ID :CVE-2025-43355
Published : 15 septembre 2025 23:15 | 3 heures, 1 minute ago
Description :A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause a denial-of-service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43354 - Apple tvOS/WatchOS/macOS/iOS/iPadOS Sensitive Data Exposure
CVE ID :CVE-2025-43354
Published : 15 septembre 2025 23:15 | 3 heures, 1 minute ago
Description :A logging issue was addressed with improved data redaction. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43353 - Apple macOS Heap Corruption Vulnerability
CVE ID :CVE-2025-43353
Published : 15 septembre 2025 23:15 | 3 heures, 1 minute ago
Description :The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43349 - Apple Video File Processing Out-of-Bounds Write
CVE ID :CVE-2025-43349
Published : 15 septembre 2025 23:15 | 3 heures, 1 minute ago
Description :An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted video file may lead to unexpected app termination.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43347 - Apple tvOS Validation Bypass
CVE ID :CVE-2025-43347
Published : 15 septembre 2025 23:15 | 3 heures, 1 minute ago
Description :This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An input validation issue was addressed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Information
Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.
Company
Who's Online
We have 563 guests and no members online