cbcvebase.

Apple visionOS vulnerabilities

475 known vulnerabilities affecting apple/visionos.

Total CVEs
475
CISA KEV
17
actively exploited
Public exploits
2
Exploited in wild
6
Severity breakdown
CRITICAL30HIGH160MEDIUM273LOW12

Vulnerabilities

Page 6 of 24
CVE-2026-20653MEDIUMCVSS 5.5fixed in 26.32026-02-11
CVE-2026-20653 [MEDIUM] CWE-22 CVE-2026-20653: A parsing issue in the handling of directory paths was addressed with improved path validation. This A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.
nvdapple
CVE-2025-46300MEDIUMCVSS 5.7fixed in 26.22026-02-11
CVE-2025-46300 [MEDIUM] CWE-119 CVE-2025-46300: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
nvdapple
CVE-2025-46305MEDIUMCVSS 5.7fixed in 26.22026-02-11
CVE-2025-46305 [MEDIUM] CWE-119 CVE-2025-46305: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
nvdapple
CVE-2026-20635MEDIUMCVSS 4.3fixed in 26.32026-02-11
CVE-2026-20635 [MEDIUM] CWE-119 CVE-2026-20635: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
nvdapple
CVE-2026-20625MEDIUMCVSS 5.5fixed in 26.32026-02-11
CVE-2026-20625 [MEDIUM] CWE-22 CVE-2026-20625: A parsing issue in the handling of directory paths was addressed with improved path validation. This A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.
nvdapple
CVE-2026-20675MEDIUMCVSS 5.5fixed in 26.32026-02-11
CVE-2026-20675 [MEDIUM] CWE-77 CVE-2026-20675: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.
nvdapple
CVE-2026-20636MEDIUMCVSS 6.5fixed in 26.32026-02-11
CVE-2026-20636 [MEDIUM] CWE-119 CVE-2026-20636: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
nvdapple
CVE-2026-20627MEDIUMCVSS 5.5fixed in 26.32026-02-11
CVE-2026-20627 [MEDIUM] CWE-20 CVE-2026-20627: An issue existed in the handling of environment variables. This issue was addressed with improved va An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data.
nvdapple
CVE-2026-20608MEDIUMCVSS 5.5fixed in 26.32026-02-11
CVE-2026-20608 [MEDIUM] CWE-770 CVE-2026-20608: This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
nvdapple
CVE-2025-46304MEDIUMCVSS 5.7fixed in 26.22026-02-11
CVE-2025-46304 [MEDIUM] CWE-400 CVE-2025-46304: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
nvdapple
CVE-2026-20644MEDIUMCVSS 6.5fixed in 26.32026-02-11
CVE-2026-20644 [MEDIUM] CWE-119 CVE-2026-20644: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
nvdapple
CVE-2026-20676MEDIUMCVSS 5.3fixed in 26.32026-02-11
CVE-2026-20676 [MEDIUM] CWE-400 CVE-2026-20676: This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
nvdapple
CVE-2026-20634MEDIUMCVSS 5.5fixed in 26.32026-02-11
CVE-2026-20634 [MEDIUM] CVE-2026-20634: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.
nvdapple
CVE-2026-20671LOWCVSS 3.1fixed in 26.32026-02-11
CVE-2026-20671 [LOW] CWE-77 CVE-2026-20671: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7. A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to intercept network traffic.
nvdapple
CVE-2025-46299MEDIUMCVSS 4.3fixed in 26.22026-01-09
CVE-2025-46299 [MEDIUM] CWE-284 CVE-2025-46299: A memory initialization issue was addressed with improved memory handling. This issue is fixed in Sa A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.
nvdapple
CVE-2025-46298MEDIUMCVSS 6.5fixed in 26.22026-01-09
CVE-2025-46298 [MEDIUM] CWE-119 CVE-2025-46298: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
nvdapple
CVE-2025-43428CRITICALCVSS 9.8fixed in 26.22025-12-17
CVE-2025-43428 [CRITICAL] CWE-306 CVE-2025-43428: A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 an A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Photos in the Hidden Photos Album may be viewed without authentication.
nvdapple
CVE-2025-43529HIGHCVSS 8.8KEVfixed in 26.22025-12-17
CVE-2025-43529 [HIGH] CVE-2025-43529: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been expl
nvdapple
CVE-2025-43541MEDIUMCVSS 4.3fixed in 26.22025-12-17
CVE-2025-43541 [MEDIUM] CWE-843 CVE-2025-43541: A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26. A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
nvdapple
CVE-2025-46288MEDIUMCVSS 5.5fixed in 26.22025-12-17
CVE-2025-46288 [MEDIUM] CWE-284 CVE-2025-46288: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens.
nvdapple
← Previous6 / 24Next →
Apple visionOS vulnerabilities | cvebase