Skip to main content

iOS

574 CVEs product

Monthly

CVE-2025-43282 MEDIUM This Month

Double free memory management vulnerability in Apple operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows local apps to trigger unexpected system termination through memory corruption. Affecting iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, macOS Ventura 13.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation confirmed; EPSS score of 0.01% indicates minimal real-world exploitation probability despite moderate CVSS rating.

Apple iOS macOS Memory Corruption Denial Of Service +5
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43280 MEDIUM This Month

Mail in Lockdown Mode on iOS and iPadOS allows information disclosure through remote image loading when forwarding emails, bypassing Lockdown Mode's protections designed to prevent such tracking. Apple released patches in iOS 18.6 and iPadOS 18.6 that prevent remote image loading in this scenario. The vulnerability requires user interaction (forwarding an email) and affects unauthenticated remote attackers, with an EPSS score of 0.03% indicating low real-world exploitation probability despite the network attack vector.

Apple iOS Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53322 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport System crash due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Memory Corruption Apple Use After Free Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-31254 MEDIUM This Month

This issue was addressed with improved URL validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Safari Ipados Iphone Os +1
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-30468 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55177 MEDIUM KEV THREAT Act Now

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Authentication Bypass Apple Whatsapp Whatsapp Business iOS
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2025-38557 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference A malicious HID device with quirk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Canonical Debian Linux Apple +5
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43277 HIGH This Week

Memory corruption in Apple's audio processing framework across iOS, macOS, tvOS, visionOS, and watchOS allows local attackers to achieve arbitrary code execution by tricking users into opening malicious audio files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.8, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Despite a high CVSS score of 7.8, the 2% EPSS probability indicates low observed exploitation likelihood, with no public exploit identified at time of analysis and no CISA KEV listing.

Apple iOS macOS Memory Corruption
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43265 MEDIUM PATCH This Month

Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.

Apple Safari iOS macOS Information Disclosure +7
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43234 CRITICAL Act Now

Memory corruption vulnerabilities in Apple's graphics texture processing engine across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allow remote code execution via maliciously crafted texture files. Affects all major Apple platforms prior to July 2025 updates (iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6). Despite a critical CVSS 9.8 score indicating network-exploitable remote code execution without authentication, EPSS shows only 0.18% exploitation probability (40th percentile), and no public exploit identified at time of analysis. The vulnerability requires processing specially crafted texture data, likely through applications handling untrusted image or 3D content.

Apple iOS macOS Memory Corruption Denial Of Service +5
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-43230 MEDIUM This Month

Insufficient permission checks in Apple operating systems allow local apps to access user-sensitive data without proper authorization. The vulnerability affects iOS 18.5 and earlier, iPadOS 18.5 and earlier (and iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unprivileged local application can exploit this to read sensitive user information by circumventing the permission model. No public exploit code has been identified at time of analysis, and EPSS scoring (0.02%, 4th percentile) indicates very low real-world exploitation probability despite the information disclosure impact.

Apple iOS Information Disclosure Privilege Escalation Ipados +4
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43228 MEDIUM PATCH This Month

Address bar spoofing in Apple Safari, iOS, and iPadOS allows remote attackers to deceive users about the website they are visiting through malicious web content, exploiting a user interface flaw that fails to adequately distinguish legitimate from spoofed address bar information. The vulnerability affects Safari before version 18.6, iOS before 18.6, and iPadOS before 18.6, and requires user interaction to visit a malicious site. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.04% reflects low real-world exploitation probability despite the network attack vector.

Apple Safari iOS Open Redirect Ipados +3
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-43227 HIGH PATCH This Week

Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.

Apple Safari iOS macOS Information Disclosure +7
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43226 MEDIUM This Month

Out-of-bounds memory read in Apple's image processing component allows local attackers without privileges to disclose sensitive process memory by supplying a maliciously crafted image, affecting iOS 18.5 and earlier, iPadOS 17.7.8 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation has been identified; exploitation requires local access and user interaction to process the malicious image. The EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite the broad platform impact.

Apple iOS macOS Information Disclosure Ipados +4
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43225 MEDIUM This Month

Local apps can access sensitive user data through inadequate log redaction in iPadOS and macOS, allowing information disclosure when a user interacts with a malicious application. Apple has released patches for iPadOS 17.7.9 and macOS versions 15.6 (Sequoia), 14.7.7 (Sonoma), and 13.7.7 (Ventura) that implement improved data redaction in logging. The EPSS score of 0.01% and absence of public exploit code indicate low real-world exploitation likelihood despite moderate CVSS scoring.

Apple iOS macOS Information Disclosure Ipados
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43224 HIGH This Week

Out-of-bounds memory access in Apple media processing components affects iOS, iPadOS, macOS, tvOS, and visionOS, allowing local attackers to crash applications or corrupt memory via malicious media files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, and visionOS 2.6. EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation probability, and no public exploit identified at time of analysis, suggesting lower immediate risk despite CVSS 7.1 rating.

Apple iOS macOS Buffer Overflow Denial Of Service +4
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-43223 HIGH This Week

Improper input validation in Apple's network configuration subsystem across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows unauthenticated remote attackers to trigger denial-of-service conditions and enables non-privileged local users to modify restricted network settings. Fixed in iOS/iPadOS 18.6/17.7.9, macOS Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6. EPSS score of 0.15% (36th percentile) indicates low predicted exploitation probability, and no public exploit identified at time of analysis.

Apple iOS macOS Denial Of Service Privilege Escalation +5
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-43222 CRITICAL Act Now

Use-after-free memory corruption in Apple's operating systems (iPadOS 17.x, macOS Sequoia 15.x, Sonoma 14.x, Ventura 13.x) allows network-based attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability was remediated by removing the vulnerable code entirely rather than patching it. Despite a critical CVSS 9.8 score, EPSS indicates only 0.08% exploitation probability (24th percentile), and no public exploit identified at time of analysis. Apple released patches in July 2025 across all affected platforms simultaneously.

Apple iOS macOS Use After Free Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43221 HIGH This Week

Out-of-bounds read vulnerability in Apple media processing frameworks allows local attackers to cause application crashes or disclose sensitive process memory by tricking users into opening malicious media files. Affects iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, and visionOS 2.x prior to July 2025 security updates. No public exploit identified at time of analysis, with EPSS score of 0.02% indicating minimal observed exploitation activity. User interaction required (opening crafted file) reduces immediate risk despite 7.1 CVSS score.

Apple iOS macOS Buffer Overflow Denial Of Service +5
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-43217 MEDIUM This Month

Privacy indicator bypass in Apple iOS and iPadOS allows local attackers to determine microphone or camera access without user notification. The vulnerability affects iOS 18.6 and earlier, and iPadOS 17.7.9 and earlier, enabling unauthorized monitoring of privacy-sensitive device activity. Apple has released patched versions (iOS 18.6, iPadOS 18.6, and iPadOS 17.7.9) that add logic to correctly display privacy indicators when microphone or camera access occurs. EPSS exploitation probability is very low at 0.02%, and no public exploit code has been identified.

Apple iOS Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43216 MEDIUM PATCH This Month

Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.

Apple Safari iOS macOS Use After Free +8
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43212 MEDIUM PATCH This Month

Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).

Apple Safari iOS macOS Memory Corruption +8
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43211 MEDIUM PATCH This Month

Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.

Apple Safari iOS macOS Denial Of Service +8
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43209 CRITICAL Act Now

Out-of-bounds write vulnerability in WebKit across Apple's entire operating system ecosystem allows remote code execution via maliciously crafted web content without user interaction or authentication. Affects iOS, iPadOS, macOS (Ventura through Sequoia), tvOS, visionOS, and watchOS prior to July 2025 security updates. Despite a critical 9.8 CVSS score indicating maximum severity, EPSS probability remains low at 0.14% (34th percentile), and no public exploit identified at time of analysis, suggesting limited observed exploitation attempts despite the theoretical remote attack surface.

Apple iOS macOS Safari Memory Corruption +6
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43186 CRITICAL Act Now

Buffer overflow memory corruption in Apple file parsing components allows remote code execution across iOS 18.6, iPadOS 18.6, macOS (Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7), tvOS 18.6, visionOS 2.6, and watchOS 11.6. Unauthenticated attackers can trigger arbitrary code execution by delivering a maliciously crafted file requiring no user interaction beyond parsing. Despite CVSS 9.8 critical severity, EPSS score of 0.16% (37th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis and not listed in CISA KEV, suggesting theoretical risk exceeds current real-world threat activity.

Apple iOS Memory Corruption Denial Of Service Ipados +4
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-31281 CRITICAL Act Now

Memory handling flaws in Apple's operating systems allow unauthenticated remote attackers to cause information disclosure and application crashes by sending maliciously crafted files. Affects iOS 18.x prior to 18.6, iPadOS 18.x prior to 18.6, macOS Sequoia prior to 15.6, tvOS prior to 18.6, and visionOS prior to 2.6. CVSS 9.1 (Critical) reflects network-accessible attack vector with no authentication required, though EPSS probability remains low at 0.12% (32nd percentile), and no public exploit or active exploitation confirmed at time of analysis.

Apple iOS macOS Denial Of Service Ipados +3
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-31279 CRITICAL Act Now

Applications on Apple operating systems can fingerprint users through a permissions flaw that bypasses privacy restrictions. Affects macOS Ventura 13.x, Sonoma 14.x, Sequoia 15.x, and iPadOS 17.x with patches released in versions 13.7.7, 14.7.7, 15.6, and 17.7.9 respectively. CVSS 9.8 critical severity contradicts the low EPSS score (0.07%, 22nd percentile) and information disclosure nature, suggesting scoring misalignment. No public exploit identified at time of analysis, but the low technical barrier (network accessible, no authentication required per CVSS vector) makes this concerning for privacy-focused environments despite the limited impact scope of user fingerprinting.

Apple iOS macOS Information Disclosure Ipados
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-31278 HIGH PATCH This Week

Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.

Apple Safari iOS macOS Memory Corruption +7
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-31273 HIGH PATCH This Week

Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.

Apple Safari iOS macOS Memory Corruption +7
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-24224 HIGH This Week

Remote denial-of-service in Apple operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows unauthenticated network attackers to trigger unexpected system termination via improved checks bypass. Affects multiple OS versions prior to their respective May 2025 updates (iOS/iPadOS 18.5/17.7.9, macOS Sequoia 15.5/Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5). No public exploit identified at time of analysis. EPSS probability of 0.27% (51st percentile) suggests relatively low observed exploitation activity, though the network-accessible attack vector and lack of authentication requirements (CVSS AV:N/PR:N) create broad exposure surface across Apple's ecosystem.

Apple iOS Denial Of Service Ipados Iphone Os +3
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-49463 MEDIUM PATCH This Month

A security vulnerability in certain Zoom Clients for iOS (CVSS 6.5) that allows an unauthenticated user. Remediation should follow standard vulnerability management procedures.

Information Disclosure Apple Zoom iOS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53599 CRITICAL Act Now

Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.

XSS Apple Whale iOS
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-49846 MEDIUM PATCH This Month

A security vulnerability in wire-ios (CVSS 4.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure Apple iOS
NVD GitHub
CVSS 4.0
4.1
EPSS
0.0%
CVE-2025-45083 MEDIUM This Month

CVE-2025-45083 is a security vulnerability (CVSS 6.1) that allows attackers. Remediation should follow standard vulnerability management procedures.

Google Apple Authentication Bypass Android iOS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52573 npm MEDIUM PATCH This Month

iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protocol (MCP) server for interacting with iOS simulators. Versions prior to 1.3.3 are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `ui_tap` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. LLM exposed user input for `duration`, `udid`, and `x` and `y` args can be replaced with shell meta-characters like `;` or `&&` or others to change the behavior from running the expected command `idb` to another command. When LLMs are tricked through prompt injection (and other techniques and attack vectors) to call the tool with input that uses special shell characters such as `; rm -rf /tmp;#` and other payload variations, the full command-line text will be interepted by the shell and result in other commands except of `ps` executing on the host running the MCP Server. Version 1.3.3 contains a patch for the issue.

Node.js Apple Command Injection iOS
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-2091 MEDIUM PATCH This Month

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

Apple Open Redirect Google M Files Mobile Android +1
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-29627 MEDIUM This Month

An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module

Apple Authentication Bypass Keeperchat iOS
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-5334 HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass Apple Remote Desktop Manager +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-4683 MEDIUM PATCH Monitor

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Apple Google WordPress Authentication Bypass Mstore Api +3
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2394 MEDIUM This Month

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure Authentication Bypass Android +1
NVD
CVSS 4.0
4.7
EPSS
0.1%
CVE-2025-31185 LOW Monitor

A logic issue was addressed with improved checks. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2025-31253 HIGH This Month

This issue was addressed through improved state management. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31227 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31225 HIGH This Week

A privacy issue was addressed by removing sensitive data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-31214 HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-31207 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-30436 CRITICAL Act Now

This issue was addressed by restricting options offered on a locked device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-46335 PyPI HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS Apple Mobile Security Framework +3
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-3438 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Apple Google WordPress Privilege Escalation Mstore Api +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-24091 MEDIUM This Month

An app could impersonate system notifications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-31202 MEDIUM This Month

A null pointer dereference was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42977 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipad Os Iphone Os macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42973 MEDIUM This Month

Private Browsing tabs may be accessed without authentication. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2023-42970 HIGH PATCH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE Apple Safari +8
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-42969 LOW Monitor

An app may be able to break out of its sandbox. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-42961 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Path Traversal Ipados Iphone Os macOS +1
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-42875 HIGH PATCH This Week

Processing web content may lead to arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Apple Safari Ipados +7
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-38614 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os macOS +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-29796 MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Apple Edge iOS
NVD
CVSS 3.1
4.7
EPSS
1.6%
CVE-2025-31126 MEDIUM This Month

Element X iOS is a Matrix iOS Client provided by Element. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-21942 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix extent range end unlock in cow_file_range() Running generic/751 on the for-next branch often results in a hang. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apple Linux Denial Of Service Linux Kernel iOS +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-31192 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-30469 LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-30463 MEDIUM This Month

The issue was addressed with improved restriction of data container access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30434 MEDIUM This Month

The issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple XSS Ipados Iphone Os iOS
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-30428 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24208 MEDIUM PATCH This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-24202 MEDIUM This Month

A logging issue was addressed with improved data redaction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24193 LOW Monitor

This issue was addressed with improved authentication. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-2909 MEDIUM This Month

The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2024-44276 HIGH This Week

This issue was addressed by using HTTPS when sending information over the network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2022-48610 MEDIUM This Month

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. [CVSS 5.5 MEDIUM]

Denial Of Service macOS iOS Apple
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-43454 HIGH This Week

A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. [CVSS 7.8 HIGH]

Linux Denial Of Service macOS iOS Apple
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-54558 LOW Monitor

A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.8 LOW]

Denial Of Service macOS iOS Apple
NVD
CVSS 3.1
2.8
EPSS
0.1%
CVE-2024-44227 HIGH This Week

The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 7.5 HIGH]

Linux Denial Of Service Apple macOS iOS
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-44179 LOW Monitor

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.4 LOW]

Denial Of Service Apple macOS iOS
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2021-41719 HIGH This Week

Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-55907 LOW Monitor

IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions,. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Apple IBM Information Disclosure Cognos Analytics Mobile iOS
NVD
CVSS 3.1
2.0
EPSS
0.1%
CVE-2025-25329 MEDIUM This Month

An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25334 MEDIUM This Month

An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25333 HIGH This Week

An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-25331 MEDIUM This Month

An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25330 MEDIUM This Month

An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25326 MEDIUM This Month

An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25325 MEDIUM This Month

An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25324 MEDIUM This Month

An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25323 MEDIUM This Month

An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21750 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Apple Null Pointer Dereference Linux Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21742 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow Apple Linux Kernel +3
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2022-49394 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apple Linux Information Disclosure Linux Kernel iOS +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM This Month

Double free memory management vulnerability in Apple operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows local apps to trigger unexpected system termination through memory corruption. Affecting iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, macOS Ventura 13.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation confirmed; EPSS score of 0.01% indicates minimal real-world exploitation probability despite moderate CVSS rating.

Apple iOS macOS +7
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Mail in Lockdown Mode on iOS and iPadOS allows information disclosure through remote image loading when forwarding emails, bypassing Lockdown Mode's protections designed to prevent such tracking. Apple released patches in iOS 18.6 and iPadOS 18.6 that prevent remote image loading in this scenario. The vulnerability requires user interaction (forwarding an email) and affects unauthenticated remote attackers, with an EPSS score of 0.03% indicating low real-world exploitation probability despite the network attack vector.

Apple iOS Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport System crash due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Memory Corruption Apple +6
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

This issue was addressed with improved URL validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Safari +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 1% CVSS 5.4
MEDIUM KEV THREAT Act Now

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Authentication Bypass Apple Whatsapp +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference A malicious HID device with quirk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Canonical Debian +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Apple's audio processing framework across iOS, macOS, tvOS, visionOS, and watchOS allows local attackers to achieve arbitrary code execution by tricking users into opening malicious audio files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.8, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Despite a high CVSS score of 7.8, the 2% EPSS probability indicates low observed exploitation likelihood, with no public exploit identified at time of analysis and no CISA KEV listing.

Apple iOS macOS +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory corruption vulnerabilities in Apple's graphics texture processing engine across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allow remote code execution via maliciously crafted texture files. Affects all major Apple platforms prior to July 2025 updates (iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6). Despite a critical CVSS 9.8 score indicating network-exploitable remote code execution without authentication, EPSS shows only 0.18% exploitation probability (40th percentile), and no public exploit identified at time of analysis. The vulnerability requires processing specially crafted texture data, likely through applications handling untrusted image or 3D content.

Apple iOS macOS +7
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Insufficient permission checks in Apple operating systems allow local apps to access user-sensitive data without proper authorization. The vulnerability affects iOS 18.5 and earlier, iPadOS 18.5 and earlier (and iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unprivileged local application can exploit this to read sensitive user information by circumventing the permission model. No public exploit code has been identified at time of analysis, and EPSS scoring (0.02%, 4th percentile) indicates very low real-world exploitation probability despite the information disclosure impact.

Apple iOS Information Disclosure +6
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Address bar spoofing in Apple Safari, iOS, and iPadOS allows remote attackers to deceive users about the website they are visiting through malicious web content, exploiting a user interface flaw that fails to adequately distinguish legitimate from spoofed address bar information. The vulnerability affects Safari before version 18.6, iOS before 18.6, and iPadOS before 18.6, and requires user interaction to visit a malicious site. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.04% reflects low real-world exploitation probability despite the network attack vector.

Apple Safari iOS +5
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Out-of-bounds memory read in Apple's image processing component allows local attackers without privileges to disclose sensitive process memory by supplying a maliciously crafted image, affecting iOS 18.5 and earlier, iPadOS 17.7.8 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation has been identified; exploitation requires local access and user interaction to process the malicious image. The EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite the broad platform impact.

Apple iOS macOS +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Local apps can access sensitive user data through inadequate log redaction in iPadOS and macOS, allowing information disclosure when a user interacts with a malicious application. Apple has released patches for iPadOS 17.7.9 and macOS versions 15.6 (Sequoia), 14.7.7 (Sonoma), and 13.7.7 (Ventura) that implement improved data redaction in logging. The EPSS score of 0.01% and absence of public exploit code indicate low real-world exploitation likelihood despite moderate CVSS scoring.

Apple iOS macOS +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Out-of-bounds memory access in Apple media processing components affects iOS, iPadOS, macOS, tvOS, and visionOS, allowing local attackers to crash applications or corrupt memory via malicious media files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, and visionOS 2.6. EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation probability, and no public exploit identified at time of analysis, suggesting lower immediate risk despite CVSS 7.1 rating.

Apple iOS macOS +6
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper input validation in Apple's network configuration subsystem across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows unauthenticated remote attackers to trigger denial-of-service conditions and enables non-privileged local users to modify restricted network settings. Fixed in iOS/iPadOS 18.6/17.7.9, macOS Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6. EPSS score of 0.15% (36th percentile) indicates low predicted exploitation probability, and no public exploit identified at time of analysis.

Apple iOS macOS +7
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Use-after-free memory corruption in Apple's operating systems (iPadOS 17.x, macOS Sequoia 15.x, Sonoma 14.x, Ventura 13.x) allows network-based attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability was remediated by removing the vulnerable code entirely rather than patching it. Despite a critical CVSS 9.8 score, EPSS indicates only 0.08% exploitation probability (24th percentile), and no public exploit identified at time of analysis. Apple released patches in July 2025 across all affected platforms simultaneously.

Apple iOS macOS +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Out-of-bounds read vulnerability in Apple media processing frameworks allows local attackers to cause application crashes or disclose sensitive process memory by tricking users into opening malicious media files. Affects iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, and visionOS 2.x prior to July 2025 security updates. No public exploit identified at time of analysis, with EPSS score of 0.02% indicating minimal observed exploitation activity. User interaction required (opening crafted file) reduces immediate risk despite 7.1 CVSS score.

Apple iOS macOS +7
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Privacy indicator bypass in Apple iOS and iPadOS allows local attackers to determine microphone or camera access without user notification. The vulnerability affects iOS 18.6 and earlier, and iPadOS 17.7.9 and earlier, enabling unauthorized monitoring of privacy-sensitive device activity. Apple has released patched versions (iOS 18.6, iPadOS 18.6, and iPadOS 17.7.9) that add logic to correctly display privacy indicators when microphone or camera access occurs. EPSS exploitation probability is very low at 0.02%, and no public exploit code has been identified.

Apple iOS Information Disclosure +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.

Apple Safari iOS +10
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).

Apple Safari iOS +10
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.

Apple Safari iOS +10
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Out-of-bounds write vulnerability in WebKit across Apple's entire operating system ecosystem allows remote code execution via maliciously crafted web content without user interaction or authentication. Affects iOS, iPadOS, macOS (Ventura through Sequoia), tvOS, visionOS, and watchOS prior to July 2025 security updates. Despite a critical 9.8 CVSS score indicating maximum severity, EPSS probability remains low at 0.14% (34th percentile), and no public exploit identified at time of analysis, suggesting limited observed exploitation attempts despite the theoretical remote attack surface.

Apple iOS macOS +8
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Buffer overflow memory corruption in Apple file parsing components allows remote code execution across iOS 18.6, iPadOS 18.6, macOS (Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7), tvOS 18.6, visionOS 2.6, and watchOS 11.6. Unauthenticated attackers can trigger arbitrary code execution by delivering a maliciously crafted file requiring no user interaction beyond parsing. Despite CVSS 9.8 critical severity, EPSS score of 0.16% (37th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis and not listed in CISA KEV, suggesting theoretical risk exceeds current real-world threat activity.

Apple iOS Memory Corruption +6
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Memory handling flaws in Apple's operating systems allow unauthenticated remote attackers to cause information disclosure and application crashes by sending maliciously crafted files. Affects iOS 18.x prior to 18.6, iPadOS 18.x prior to 18.6, macOS Sequoia prior to 15.6, tvOS prior to 18.6, and visionOS prior to 2.6. CVSS 9.1 (Critical) reflects network-accessible attack vector with no authentication required, though EPSS probability remains low at 0.12% (32nd percentile), and no public exploit or active exploitation confirmed at time of analysis.

Apple iOS macOS +5
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Applications on Apple operating systems can fingerprint users through a permissions flaw that bypasses privacy restrictions. Affects macOS Ventura 13.x, Sonoma 14.x, Sequoia 15.x, and iPadOS 17.x with patches released in versions 13.7.7, 14.7.7, 15.6, and 17.7.9 respectively. CVSS 9.8 critical severity contradicts the low EPSS score (0.07%, 22nd percentile) and information disclosure nature, suggesting scoring misalignment. No public exploit identified at time of analysis, but the low technical barrier (network accessible, no authentication required per CVSS vector) makes this concerning for privacy-focused environments despite the limited impact scope of user fingerprinting.

Apple iOS macOS +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in Apple operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows unauthenticated network attackers to trigger unexpected system termination via improved checks bypass. Affects multiple OS versions prior to their respective May 2025 updates (iOS/iPadOS 18.5/17.7.9, macOS Sequoia 15.5/Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5). No public exploit identified at time of analysis. EPSS probability of 0.27% (51st percentile) suggests relatively low observed exploitation activity, though the network-accessible attack vector and lack of authentication requirements (CVSS AV:N/PR:N) create broad exposure surface across Apple's ecosystem.

Apple iOS Denial Of Service +5
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A security vulnerability in certain Zoom Clients for iOS (CVSS 6.5) that allows an unauthenticated user. Remediation should follow standard vulnerability management procedures.

Information Disclosure Apple Zoom +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.

XSS Apple Whale +1
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

A security vulnerability in wire-ios (CVSS 4.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure Apple iOS
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

CVE-2025-45083 is a security vulnerability (CVSS 6.1) that allows attackers. Remediation should follow standard vulnerability management procedures.

Google Apple Authentication Bypass +2
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protocol (MCP) server for interacting with iOS simulators. Versions prior to 1.3.3 are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `ui_tap` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. LLM exposed user input for `duration`, `udid`, and `x` and `y` args can be replaced with shell meta-characters like `;` or `&&` or others to change the behavior from running the expected command `idb` to another command. When LLMs are tricked through prompt injection (and other techniques and attack vectors) to call the tool with input that uses special shell characters such as `; rm -rf /tmp;#` and other payload variations, the full command-line text will be interepted by the shell and result in other commands except of `ps` executing on the host running the MCP Server. Version 1.3.3 contains a patch for the issue.

Node.js Apple Command Injection +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

Apple Open Redirect Google +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module

Apple Authentication Bypass Keeperchat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass +6
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Apple Google WordPress +5
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure +3
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A logic issue was addressed with improved checks. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 7.1
HIGH This Month

This issue was addressed through improved state management. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A privacy issue was addressed by removing sensitive data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 7.7
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

This issue was addressed by restricting options offered on a locked device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS +5
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Apple Google WordPress +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An app could impersonate system notifications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A null pointer dereference was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipad Os +3
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Private Browsing tabs may be accessed without authentication. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE +10
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An app may be able to break out of its sandbox. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +3
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Path Traversal Ipados +3
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Processing web content may lead to arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Apple +9
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +3
NVD
EPSS 2% CVSS 4.7
MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Apple +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Element X iOS is a Matrix iOS Client provided by Element. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix extent range end unlock in cow_file_range() Running generic/751 on the for-next branch often results in a hang. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apple Linux Denial Of Service +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari +4
NVD
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved restriction of data container access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple XSS Ipados +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logging issue was addressed with improved data redaction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +3
NVD
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed with improved authentication. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD
EPSS 0% CVSS 7.3
HIGH This Week

This issue was addressed by using HTTPS when sending information over the network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. [CVSS 5.5 MEDIUM]

Denial Of Service macOS iOS +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. [CVSS 7.8 HIGH]

Linux Denial Of Service macOS +2
NVD
EPSS 0% CVSS 2.8
LOW Monitor

A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.8 LOW]

Denial Of Service macOS iOS +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 7.5 HIGH]

Linux Denial Of Service Apple +2
NVD
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.4 LOW]

Denial Of Service Apple macOS +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD
EPSS 0% CVSS 2.0
LOW Monitor

IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions,. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Apple IBM Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Apple Null Pointer Dereference Linux +5
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apple Linux Information Disclosure +4
NVD
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy