Skip to main content
CVE-2025-31277 HIGH POC KEV PATCH THREAT Act Now

WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day.

Buffer Overflow Apple Ipados Iphone Os Tvos +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2025-45620 HIGH POC This Week

Sensitive information disclosure in AVer PTC310UV2 professional PTZ tracking camera firmware version 0.1.0000.59 allows a remote, unauthenticated attacker to retrieve confidential data by sending a specially crafted request to the device. The flaw (CWE-200) carries a high CVSS 8.1 and has publicly available exploit code (GitHub weedl/CVE-2025-45620), though it is not listed in CISA KEV and EPSS remains low at 0.96% (57th percentile), indicating no confirmed widespread exploitation yet.

Information Disclosure Ptc310Uv2 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-45955 HIGH POC This Week

Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zena
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-31278 HIGH PATCH This Week

Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.

Apple Safari iOS macOS Memory Corruption +7
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-31273 HIGH PATCH This Week

Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.

Apple Safari iOS macOS Memory Corruption +7
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43270 HIGH This Week

macOS sandbox escape vulnerability allows locally installed applications to bypass Local Network access restrictions and perform unauthorized network operations. Affects macOS Ventura (pre-13.7.7), Sonoma (pre-14.7.7), and Sequoia (pre-15.6). CVSS 8.8 reflects high impact on confidentiality, integrity, and availability with scope change, but requires local access with low privileges (PR:L). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. Real-world risk centers on malicious apps installed by legitimate users bypassing Apple's network privacy controls.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-50777 HIGH This Week

Privilege escalation to root shell in the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera firmware (V1.00.02) lets a locally-positioned attacker bypass access controls and obtain a root shell on the device. Once root is reached, the camera exposes stored Wi-Fi credentials and ONVIF service credentials in plaintext, giving the attacker a pivot into the victim's wireless network and any ONVIF-connected surveillance infrastructure. There is no public exploit identified at time of analysis and EPSS is low (0.16%, 5th percentile), indicating limited widespread automated exploitation interest.

Authentication Bypass 2Mp Full Hd Smart Wi Fi Cctv Home Security Camera Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43277 HIGH This Week

Memory corruption in Apple's audio processing framework across iOS, macOS, tvOS, visionOS, and watchOS allows local attackers to achieve arbitrary code execution by tricking users into opening malicious audio files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.8, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Despite a high CVSS score of 7.8, the 2% EPSS probability indicates low observed exploitation likelihood, with no public exploit identified at time of analysis and no CISA KEV listing.

Apple iOS macOS Memory Corruption
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24119 HIGH This Week

Sandbox escape and privilege escalation in macOS 13.7.x through 15.2.x allow local authenticated users to execute arbitrary code outside application sandboxes or gain elevated privileges via state management flaws. Apple patched this in macOS Ventura 13.7.7, Sonoma 14.7.7, and Sequoia 15.3. With EPSS at 0.02% (5th percentile) and no public exploit identified at time of analysis, real-world risk remains low despite the high CVSS score, though local attackers with existing user-level access could leverage this for post-exploitation privilege escalation.

Apple macOS RCE Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-31243 HIGH This Week

Privilege escalation in macOS Sequoia 15.x, Sonoma 14.x, and Ventura 13.x allows local applications to gain root privileges through a permissions enforcement weakness. The vulnerability requires user interaction but no authentication, enabling malicious applications to achieve complete system compromise. Fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. No public exploit identified at time of analysis, with EPSS score of 0.01% (2nd percentile) indicating minimal observed exploitation likelihood.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24224 HIGH This Week

Remote denial-of-service in Apple operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows unauthenticated network attackers to trigger unexpected system termination via improved checks bypass. Affects multiple OS versions prior to their respective May 2025 updates (iOS/iPadOS 18.5/17.7.9, macOS Sequoia 15.5/Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5). No public exploit identified at time of analysis. EPSS probability of 0.27% (51st percentile) suggests relatively low observed exploitation activity, though the network-accessible attack vector and lack of authentication requirements (CVSS AV:N/PR:N) create broad exposure surface across Apple's ecosystem.

Apple iOS Denial Of Service Ipados Iphone Os +3
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-43223 HIGH This Week

Improper input validation in Apple's network configuration subsystem across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows unauthenticated remote attackers to trigger denial-of-service conditions and enables non-privileged local users to modify restricted network settings. Fixed in iOS/iPadOS 18.6/17.7.9, macOS Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6. EPSS score of 0.15% (36th percentile) indicates low predicted exploitation probability, and no public exploit identified at time of analysis.

Apple iOS macOS Denial Of Service Privilege Escalation +5
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-43227 HIGH PATCH This Week

Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.

Apple Safari iOS macOS Information Disclosure +7
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43254 HIGH This Week

Out-of-bounds read in macOS file processing can expose sensitive memory and crash applications when victims open maliciously crafted files. Affects macOS Ventura 13.x, Sonoma 14.x, and Sequoia 15.x prior to patched versions (13.7.7, 14.7.7, 15.6 respectively). Requires local access and user interaction (CVSS AV:L/UI:R). EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation likelihood. No CISA KEV listing or public exploit identified at time of analysis, suggesting low immediate threat despite CVSS 7.1 rating.

Apple macOS Denial Of Service
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-43224 HIGH This Week

Out-of-bounds memory access in Apple media processing components affects iOS, iPadOS, macOS, tvOS, and visionOS, allowing local attackers to crash applications or corrupt memory via malicious media files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, and visionOS 2.6. EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation probability, and no public exploit identified at time of analysis, suggesting lower immediate risk despite CVSS 7.1 rating.

Apple iOS macOS Buffer Overflow Denial Of Service +4
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-43221 HIGH This Week

Out-of-bounds read vulnerability in Apple media processing frameworks allows local attackers to cause application crashes or disclose sensitive process memory by tricking users into opening malicious media files. Affects iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, and visionOS 2.x prior to July 2025 security updates. No public exploit identified at time of analysis, with EPSS score of 0.02% indicating minimal observed exploitation activity. User interaction required (opening crafted file) reduces immediate risk despite 7.1 CVSS score.

Apple iOS macOS Buffer Overflow Denial Of Service +5
NVD
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy