cbcvebase.

Apple visionOS vulnerabilities

475 known vulnerabilities affecting apple/visionos.

Total CVEs
475
CISA KEV
17
actively exploited
Public exploits
2
Exploited in wild
6
Severity breakdown
CRITICAL30HIGH160MEDIUM273LOW12

Vulnerabilities

Page 2 of 24
CVE-2026-28907HIGHCVSS 8.1fixed in 26.52026-05-11
CVE-2026-28907 [HIGH] CWE-20 CVE-2026-28907: The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7 The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
nvd
CVE-2026-28944HIGHCVSS 7.5fixed in 26.52026-05-11
CVE-2026-28944 [HIGH] CWE-119 CVE-2026-28944: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28974HIGHCVSS 7.5fixed in 26.52026-05-11
CVE-2026-28974 [HIGH] CWE-284 CVE-2026-28974: This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed i This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.
nvd
CVE-2026-28990HIGHCVSS 7.5fixed in 26.52026-05-11
CVE-2026-28990 [HIGH] CWE-119 CVE-2026-28990: The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26 The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.
nvd
CVE-2026-28947HIGHCVSS 8.8fixed in 26.52026-05-11
CVE-2026-28947 [HIGH] CWE-416 CVE-2026-28947: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
nvd
CVE-2026-28860HIGHCVSS 7.5fixed in 26.42026-05-11
CVE-2026-28860 [HIGH] CWE-20 CVE-2026-28860: The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A local attacker may be able to modify the state of the Keychain.
nvd
CVE-2026-28905HIGHCVSS 7.5fixed in 26.52026-05-11
CVE-2026-28905 [HIGH] CWE-119 CVE-2026-28905: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28901MEDIUMCVSS 4.3fixed in 26.52026-05-11
CVE-2026-28901 [MEDIUM] CWE-119 CVE-2026-28901: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28977MEDIUMCVSS 6.2fixed in 26.52026-05-11
CVE-2026-28977 [MEDIUM] CWE-119 CVE-2026-28977: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
nvd
CVE-2026-28942MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28942 [MEDIUM] CWE-416 CVE-2026-28942: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
nvd
CVE-2026-28996MEDIUMCVSS 5.5fixed in 26.52026-05-11
CVE-2026-28996 [MEDIUM] CWE-362 CVE-2026-28996: A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadO A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data.
nvd
CVE-2026-28903MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28903 [MEDIUM] CWE-119 CVE-2026-28903: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28993MEDIUMCVSS 5.5fixed in 26.52026-05-11
CVE-2026-28993 [MEDIUM] CWE-284 CVE-2026-28993: This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data.
nvd
CVE-2026-28902MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28902 [MEDIUM] CWE-119 CVE-2026-28902: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28956MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28956 [MEDIUM] CWE-125 CVE-2026-28956: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 2 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
nvd
CVE-2026-28917MEDIUMCVSS 4.3fixed in 26.52026-05-11
CVE-2026-28917 [MEDIUM] CWE-20 CVE-2026-28917: The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7 The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28992MEDIUMCVSS 4.7fixed in 26.52026-05-11
CVE-2026-28992 [MEDIUM] CWE-362 CVE-2026-28992: A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination.
nvd
CVE-2026-28847MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28847 [MEDIUM] CWE-119 CVE-2026-28847: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28918MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28918 [MEDIUM] CWE-125 CVE-2026-28918: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
nvd
CVE-2026-28920MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28920 [MEDIUM] CWE-200 CVE-2026-28920: An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 a An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak sensitive data.
nvd
← Previous2 / 24Next →