These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-46315 is a HIGH-severity vulnerability (CVSS Score: 7.5) affecting macOS, which was publicly disclosed on 2026-06-11. The issue involves a permissions problem that was resolved with additional restrictions in macOS Tahoe 26.1. Successful exploitation could allow an app to access protected user data. Apple has provided a vendor advisory [ref-4] detailing the fix.
CVE-2025-46313 is a medium-severity vulnerability (CVSS Score: 5.5) that was publicly disclosed on 2026-06-11T19:16:34.603Z and last modified on 2026-06-12T22:16:47.890Z. The vulnerability is related to a logging issue that was addressed with improved data redaction in macOS Tahoe 26.1. According to the CVE description, an app may be able to access sensitive user data due to this issue. The CVE record can [truncated]
CVE-2025-46308 is a medium-severity vulnerability (CVSS Score: 5.3) affecting iOS, iPadOS, and macOS. An authorization issue was addressed with improved state management, fixing a bug that allowed an app to leak sensitive user information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4.
CVE-2025-46293 is a medium-severity vulnerability in Apple macOS, fixed in macOS Sequoia 15.4. The issue was addressed with improved handling of symlinks. An app may be able to access protected user data. The CVSS score for this vulnerability is 5.5.
CVE-2025-43339 is a MEDIUM-severity access issue addressed by Apple in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data. The issue is publicly disclosed in the CVE record on [**cve-org**](https://www.cve.org/CVERecord?id=CVE-2025-43339) and further details can be found on [**nvd**](https://nvd.nist.gov/vuln/detail/CVE-2025-43339).
CVE-2025-43278 is a medium-severity vulnerability (CVSS Score: 5.5) that was addressed with improved handling of symlinks. The issue is fixed in macOS Sequoia 15.4. According to the CVE description, an app may be able to access protected user data.
CVE-2025-31272 is a HIGH severity vulnerability in macOS Sequoia 15.4. The issue was addressed with improved checks. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges. The CVSS score for this vulnerability is 7.8.
CVE-2025-30459 is a medium-severity privacy issue in Apple macOS Sequoia 15.4. The vulnerability allowed an app to potentially access sensitive user data due to the presence of vulnerable code, which has since been removed.
CVE-2025-30431 is a medium-severity vulnerability in Apple macOS, allowing malicious apps to access private information. The issue was addressed with improved checks and is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.
CVE-2025-24284 is a HIGH severity vulnerability in Apple macOS, with a CVSS score of 8.8. The issue was addressed with improved checks to prevent unauthorized actions and is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox due to this vulnerability.
CVE-2025-24268 is a medium-severity vulnerability (CVSS Score: 5.5) affecting macOS Sequoia. The issue involves a parsing problem with directory paths that was resolved through improved path validation, fixed in macOS Sequoia 15.4. Successful exploitation could allow an app to access sensitive user data.
CVE-2025-24165 is a medium-severity vulnerability (CVSS Score: 5.5) affecting macOS. An app may be able to cause unexpected system termination due to a permissions issue, which was addressed with additional restrictions in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.
CVE-2022-48575 is a low-severity vulnerability (CVSS Score: 3.5) affecting macOS Monterey. A person with access to a Mac may be able to bypass Login Window due to a consistency issue addressed with improved state handling. This issue was fixed in macOS Monterey 12.4.
CVE-2022-26758 is a HIGH severity vulnerability in Apple macOS Monterey versions prior to 12.4. A malicious application may cause unexpected changes in memory shared between processes, leading to memory corruption.
A logic issue in macOS Tahoe 26 could allow an app to access sensitive user data. Apple addressed this with improved restrictions. The vulnerability was published on May 26, 2026, with no CVSS score or severity assigned. No known exploitation in the wild has been reported.
A race condition vulnerability in macOS could allow a malicious application to escalate privileges to root. Apple addressed this with additional validation in macOS Sequoia 15.7 and macOS Tahoe 26. The vulnerability was published on May 26, 2026. No CVSS score or severity rating has been assigned by NVD at this time. The issue is not listed in CISA's Known Exploited Vulnerabilities catalog.
An out-of-bounds read vulnerability in macOS was resolved through improved bounds checking. The issue, which could allow an application to trigger unexpected system termination, was addressed in macOS Tahoe 26. No CVSS score or severity rating has been assigned by NVD as of the CVE publication date. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
A permissions vulnerability in macOS allowed applications to access sensitive user data without proper authorization. Apple addressed this by removing the vulnerable code in macOS Tahoe 26. The issue represents a privacy bypass where an app could circumvent intended access controls to reach protected user information. No CVSS score or severity rating has been assigned by NVD. The vulnerability was disclos [truncated]
A permissions issue in macOS allowed apps to modify protected parts of the file system. Apple addressed this with additional restrictions in macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26. The vulnerability was published on May 26, 2026. No CVSS score or severity rating has been assigned by NVD. This issue is not listed in CISA's Known Exploited Vulnerabilities catalog.
A logic validation flaw in macOS allows malicious applications to bypass access controls and read sensitive user data. Apple patched this in macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26. No CVSS score has been assigned by NVD as of the CVE publication date (2026-05-26). The vulnerability is not listed in CISA KEV.
An attacker in a privileged network position may be able to leak sensitive information due to a path handling issue in Apple Private Cloud Compute (PCC). The vulnerability was addressed with improved validation and is fixed in PCC Release 5E290.3. The issue carries a CVSS 3.1 score of 6.5 (MEDIUM severity) with an attack vector of adjacent network, low attack complexity, no privileges required, and no use [truncated]
CVE-2026-8562 is a medium-severity information disclosure issue in Google Chrome's Navigation component. A remote attacker can use a crafted HTML page to trigger a side-channel leak of cross-origin data in versions before 148.0.7778.168. The record is rated CVSS 4.3 and requires user interaction.
CVE-2026-8561 is a Google Chrome issue where the browser could show incorrect security UI while in fullscreen mode. A remote attacker could use a crafted HTML page to spoof interface elements and mislead a user. NVD rates the issue as medium severity, and the CVSS vector indicates network attack, low attack complexity, no privileges required, but user interaction is required. The practical risk is decepti [truncated]
CVE-2026-8529 is a high-severity memory corruption issue in Google Chrome’s codecs component. According to the NVD record and Google’s advisory, a crafted video file could trigger a heap buffer overflow and allow remote code execution inside the browser sandbox. The vulnerable product range is Chrome before 148.0.7778.168.
CVE-2026-8528 is a Google Chrome Site Isolation flaw caused by insufficient validation of untrusted input. According to the official description, a remote attacker who had already compromised the renderer process could use a crafted HTML page to bypass Site Isolation in Chrome versions before 148.0.7778.168. The issue is categorized by Chromium as High severity, while the CVSS entry on the NVD record is M [truncated]
CVE-2026-8527 is a high-severity Google Chrome vulnerability in the Downloads component caused by insufficient validation of untrusted input. According to the official record, a remote attacker could achieve arbitrary code execution by luring a user to a crafted HTML page. Google fixed the issue in Chrome 148.0.7778.168; versions before that release are affected.
CVE-2026-8526 is a high-severity memory corruption flaw in Google Chrome’s WebRTC component. According to the official description and Chromium references, a remote attacker could trigger an out-of-bounds write by getting a user to open a crafted HTML page, leading to arbitrary code execution inside the browser sandbox. The issue is fixed in Chrome 148.0.7778.168 and later.
CVE-2026-8524 is a high-severity Google Chrome issue in WebAudio. A crafted HTML page could trigger an out-of-bounds write and allow a remote attacker to execute code inside the browser sandbox. Google addressed the issue in Chrome 148.0.7778.168; systems running earlier versions should be updated promptly.
CVE-2026-8523 is a high-severity Chrome vulnerability in Mojo that can let a remote attacker who has already compromised the renderer process potentially escape the browser sandbox using a crafted HTML page. Google’s advisory indicates the fixed Chrome version is 148.0.7778.168, and the CVSS vector reflects a network-reachable issue with high impact but requiring user interaction.
CVE-2026-8521 is a use-after-free in Chrome's Tab Groups feature. The NVD record and Chrome vendor reference indicate that malicious network traffic could trigger arbitrary code execution in versions before 148.0.7778.168. Chromium rates the issue Critical, while NVD lists a CVSS 3.1 score of 7.5 (HIGH).
CVE-2026-8520 is a browser security issue in Google Chrome’s Payments component that could let a remote attacker potentially escape the sandbox by getting a user to load a crafted HTML page. The vulnerable range ends before Chrome 148.0.7778.168. Although the CVSS vector reflects required user interaction and high attack complexity, the impact is severe because the issue is rated Critical by Chromium and [truncated]
CVE-2026-8518 is a Blink use-after-free issue in Google Chrome versions prior to 148.0.7778.168. According to the CVE description, a remote attacker could trigger the flaw with a crafted HTML page and execute arbitrary code inside the browser sandbox. NVD assigns CVSS 8.8 (HIGH), while the Chromium security note classifies the issue as Critical. The CVE was published on 2026-05-14 and last modified on 202 [truncated]
CVE-2026-8516 is a Google Chrome / Chromium information-disclosure issue in DataTransfer. A remote attacker could trick a user into performing specific UI gestures on a crafted page and potentially read sensitive data from process memory. NVD lists CVSS 5.3 (Medium), while Chromium classified the issue as Critical.
CVE-2026-8515 is a Google Chrome vulnerability in HID caused by a use-after-free condition. According to the advisory and NVD record, a remote attacker who convinces a user to perform specific UI gestures via a crafted HTML page may potentially achieve sandbox escape. The issue affects Chrome versions prior to 148.0.7778.168 and is rated Critical by Chromium, with NVD listing a CVSS 3.1 score of 8.3 (HIGH).
CVE-2026-8514 is a Google Chrome vulnerability in Aura that was publicly disclosed on 2026-05-14 and fixed in Chrome 148.0.7778.168. The issue is a use-after-free that could allow a remote attacker who had already compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page.
CVE-2026-8512 is a memory-safety issue in Google Chrome’s FileSystem component. According to the CVE record, a remote attacker who persuades a user to perform specific UI gestures on a crafted HTML page may potentially trigger a sandbox escape in Chrome versions prior to 148.0.7778.168. NVD rates the issue with a CVSS 3.1 vector of AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H, reflecting remote reach, required use [truncated]
CVE-2026-8511 is a critical Google Chrome vulnerability involving a use-after-free in UI code. According to the NVD record and Google’s advisory reference, a remote attacker could potentially achieve sandbox escape by getting a user to open a crafted HTML page. The issue affects Chrome versions prior to 148.0.7778.168.
CVE-2026-8509 is a critical memory corruption issue in Google Chrome’s WebML component. According to the official record, a crafted HTML page could trigger a heap buffer overflow and allow remote code execution inside the browser sandbox. Google’s release advisory and the Chromium issue tracker are the primary references, and the affected Chrome version range ends before 148.0.7778.168. This issue is rate [truncated]
Apple addressed CVE-2026-28955 with improved memory handling. The issue can be triggered by maliciously crafted web content and may cause an unexpected process crash, affecting Safari and multiple Apple operating systems until the listed fixed releases were installed.
Apple addressed CVE-2026-28940 with improved memory handling. According to the official description, a maliciously crafted image may corrupt process memory. The issue is rated HIGH severity in the supplied NVD data and is mapped to CWE-119. Apple lists fixes across iOS, iPadOS, macOS, tvOS, and visionOS releases.
Apple addressed CVE-2026-28847 with improved memory handling. According to the supplied NVD record and Apple advisories, processing maliciously crafted web content could cause an unexpected process crash. The issue is rated Medium severity in the source corpus and affects multiple Apple platforms until the listed fixed releases.
CVE-2026-7902 describes an out-of-bounds memory access in V8 used by Google Chrome. The supplied NVD record and Google Chrome stable-channel advisory indicate the issue is fixed in Chrome 148.0.7778.96, so the main defensive action is rapid browser patching on managed desktops and any user systems that may delay updates.
Apple addressed a privacy-focused logging issue in iOS and iPadOS that could cause notifications marked for deletion to remain on the device longer than expected. The fix is included in the listed point releases for supported older and current branches. Because the issue involves retained notification data and improved redaction, it is most relevant where sensitive notification content may have been expos [truncated]
CVE-2026-6312 is a Google Chrome desktop vulnerability in Passwords policy enforcement that could let an attacker who already compromised the renderer process leak cross-origin data from a crafted HTML page. The issue was fixed in Chrome 147.0.7727.101, and the source record classifies it as requiring network access, user interaction, and a prior renderer compromise, so it is not a standalone remote takeover flaw.
CVE-2026-5911 is a browser policy-bypass issue in Google Chrome ServiceWorkers. According to the official record, versions prior to 147.0.7727.55 could allow a remote attacker to bypass Content Security Policy by using a crafted HTML page. NVD assigns the issue a CVSS 3.1 score of 4.3 (MEDIUM), with network attack vector, no privileges required, and user interaction required. Chromium’s own severity label is Low, but [truncated]
CVE-2026-5863 is a high-severity Google Chrome issue in V8 that could allow a remote attacker to execute arbitrary code inside a sandbox by getting a victim to open a crafted HTML page. Google’s stable-channel update says the fix is included in Chrome 147.0.7727.55 and later. Because the attack requires user interaction but no privileges, this should be treated as a priority browser patch.
CVE-2026-28882 is a privacy-related Apple issue where an app may be able to enumerate a user's installed apps. Apple says the fix was applied with improved checks, and the CVE is marked as fixed in iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. NVD rates the issue as local, with no privileges or user interaction required, and low confidentiality impact.
CVE-2026-28878 is a privacy-focused information disclosure issue in Apple platforms. According to the supplied record, the flaw was addressed by removing sensitive data, and an app may have been able to enumerate a user’s installed apps. Apple released fixes across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS; updating to the listed fixed versions is the primary mitigation.
Apple disclosed CVE-2026-28877 on 2026-03-25. The issue is described as an authorization problem fixed with improved state management, and Apple says an app may be able to access sensitive user data. Apple’s listed fixes cover iOS 18.7.9 and 26.4, iPadOS 18.7.9 and 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4. NVD rates the issue as medium severity (CV [truncated]
CVE-2026-28870 is an Apple information-leakage vulnerability that was addressed with additional validation. According to Apple’s advisory text, an app may be able to access sensitive user data. Apple states the issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. NVD classifies the issue as a local, low-privilege, no-user-i [truncated]