Skip to main content

Safari

932 CVEs product

Monthly

CVE-2026-20691 MEDIUM PATCH This Month

An authorization and state management flaw in Apple's WebKit browser engine allows maliciously crafted webpages to fingerprint users by exploiting improper state handling during web interactions. This vulnerability affects Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4 across all Apple platforms. An attacker can exploit this by hosting a specially crafted webpage that leverages the state management weakness to extract browser or device identifiers without user knowledge, enabling user tracking and profiling attacks. No CVSS score, EPSS data, or public proof-of-concept details are currently available, though Apple has released fixes across all affected platforms.

Apple Information Disclosure Safari macOS iOS +2
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20665 MEDIUM PATCH This Month

This vulnerability allows attackers to bypass Content Security Policy (CSP) enforcement in Apple's WebKit engine through maliciously crafted web content, affecting Safari and all Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability stems from improper state management during web content processing, enabling attackers to circumvent a critical security control that prevents injection attacks and unauthorized script execution. While no CVSS score or EPSS data is currently available, the broad platform impact across Apple's entire ecosystem and the fundamental nature of CSP bypass as an information disclosure vector indicate significant real-world risk.

Apple Information Disclosure Safari macOS iOS +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46282 MEDIUM This Month

Safari and macOS allow local authenticated applications to access sensitive user data through improper permission enforcement. The vulnerability affects Safari versions prior to 26.2 and macOS versions prior to Tahoe 26.2, exploitable by apps running with user-level privileges that can bypass authorization checks to read protected user information. Apple has released patched versions with additional permission validation; EPSS data indicates minimal real-world exploitation likelihood despite the authenticated local attack vector.

Apple Safari macOS Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43536 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit rendering engine allows remote attackers to crash Safari and iOS/iPadOS applications by processing maliciously crafted web content, requiring only user interaction (page visit) and no authentication. The vulnerability affects Safari 26.2, iOS 18.7.3 and iOS 26.2, iPadOS 18.7.3 and iPadOS 26.2, and macOS Tahoe 26.2 and earlier versions. With an EPSS score of 0.06% and no public exploit confirmed, this represents a low real-world exploitation priority despite the moderate CVSS 4.3 severity rating, with impact limited to denial of service through process termination.

Apple Safari iOS macOS Use After Free +5
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43531 LOW Monitor

Safari and Apple operating systems contain a race condition that crashes the rendering process when processing maliciously crafted web content, affecting Safari 26.2 and earlier, iOS 18.7.3 and earlier, iPadOS 18.7.3 and earlier, macOS Tahoe 26.2 and earlier, tvOS 26.2 and earlier, visionOS 26.2 and earlier, and watchOS 26.2 and earlier. The vulnerability requires user interaction (clicking a malicious link or visiting a hostile website) and has high attack complexity, resulting in denial of service through process crash rather than data compromise. No public exploit code has been identified, EPSS exploitation probability is very low at 0.12%, and Apple has released patched versions across all affected platforms.

Apple Safari iOS macOS Race Condition +6
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-43526 CRITICAL Act Now

Apple Safari and macOS Lockdown Mode can be bypassed to access restricted Web APIs through maliciously crafted file URLs due to insufficient URL validation. Affects Safari 26.2 and macOS Tahoe 26.2 on systems with Lockdown Mode enabled. Remote attackers can potentially execute high-impact attacks leveraging APIs meant to be restricted in high-security configurations. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis. This represents a serious compromise of Apple's enhanced security feature designed to protect high-risk users from targeted attacks.

Apple Safari macOS Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-62593 PyPI CRITICAL PATCH Act Now

Ray is an AI compute engine. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Code Injection Mozilla Firefox +2
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2023-43000 HIGH POC KEV PATCH THREAT Act Now

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption Buffer Overflow Apple Use After Free Safari +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2025-31254 MEDIUM This Month

This issue was addressed with improved URL validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Safari Ipados Iphone Os +1
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-43265 MEDIUM PATCH This Month

Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.

Apple Safari iOS macOS Information Disclosure +7
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43240 MEDIUM PATCH This Month

Safari and macOS contain a logic flaw that allows incorrect association of a download's origin, potentially disclosing information about file provenance to local attackers. The vulnerability affects Safari 18.6 and earlier, plus macOS Sequoia 15.6 and earlier, and requires local access (no authentication needed) to exploit. This is a low-exploitation-probability issue (EPSS 0.03%) with no confirmed active exploitation or public POC at time of analysis.

Apple Safari macOS Information Disclosure Red Hat +1
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43229 MEDIUM This Month

Universal cross-site scripting (XSS) in Safari and macOS allows remote attackers to execute arbitrary JavaScript in the context of visited websites by processing maliciously crafted web content. The vulnerability affects Safari 18.5 and earlier, and macOS Sequoia 15.5 and earlier, and is fixed in Safari 18.6 and macOS Sequoia 15.6. Attack requires user interaction (clicking a malicious link or visiting a compromised site) but carries no authentication requirement. EPSS score of 0.04% indicates low real-world exploitation probability despite the moderate CVSS rating.

Apple Safari macOS XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-43228 MEDIUM PATCH This Month

Address bar spoofing in Apple Safari, iOS, and iPadOS allows remote attackers to deceive users about the website they are visiting through malicious web content, exploiting a user interface flaw that fails to adequately distinguish legitimate from spoofed address bar information. The vulnerability affects Safari before version 18.6, iOS before 18.6, and iPadOS before 18.6, and requires user interaction to visit a malicious site. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.04% reflects low real-world exploitation probability despite the network attack vector.

Apple Safari iOS Open Redirect Ipados +3
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-43227 HIGH PATCH This Week

Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.

Apple Safari iOS macOS Information Disclosure +7
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43216 MEDIUM PATCH This Month

Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.

Apple Safari iOS macOS Use After Free +8
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43212 MEDIUM PATCH This Month

Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).

Apple Safari iOS macOS Memory Corruption +8
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43211 MEDIUM PATCH This Month

Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.

Apple Safari iOS macOS Denial Of Service +8
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43209 CRITICAL Act Now

Out-of-bounds write vulnerability in WebKit across Apple's entire operating system ecosystem allows remote code execution via maliciously crafted web content without user interaction or authentication. Affects iOS, iPadOS, macOS (Ventura through Sequoia), tvOS, visionOS, and watchOS prior to July 2025 security updates. Despite a critical 9.8 CVSS score indicating maximum severity, EPSS probability remains low at 0.14% (34th percentile), and no public exploit identified at time of analysis, suggesting limited observed exploitation attempts despite the theoretical remote attack surface.

Apple iOS macOS Safari Memory Corruption +6
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-31278 HIGH PATCH This Week

Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.

Apple Safari iOS macOS Memory Corruption +7
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-31273 HIGH PATCH This Week

Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.

Apple Safari iOS macOS Memory Corruption +7
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-42970 HIGH PATCH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE Apple Safari +8
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-42875 HIGH PATCH This Week

Processing web content may lead to arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Apple Safari Ipados +7
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-31192 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-24208 MEDIUM PATCH This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-54534 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-54505 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-54502 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Ipados +5
NVD VulDB
CVSS 3.1
6.5
EPSS
5.7%
CVE-2024-54479 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-44246 MEDIUM This Month

The issue was addressed with improved routing of Safari-originated requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Ipados +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-44212 MEDIUM This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-44296 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-44259 HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-44244 MEDIUM This Month

A memory corruption issue was addressed with improved input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +5
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-44155 MEDIUM This Month

A custom URL scheme handling issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-44206 CRITICAL Act Now

An issue in the handling of URL protocols was addressed with improved logic. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
9.3
EPSS
0.5%
CVE-2024-44185 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-44187 MEDIUM This Month

A cross-origin issue existed with "iframe" elements. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-40866 MEDIUM This Month

The issue was addressed with improved UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari macOS
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-40857 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-40817 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari macOS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40794 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40789 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Ipados +5
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-40785 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Iphone Os Ipados Safari +4
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-40782 MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free Memory Corruption Safari +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-40780 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Iphone Os Ipados +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40779 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Iphone Os Ipados +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40776 MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free Memory Corruption Iphone Os +6
NVD VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-27851 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-27850 MEDIUM This Month

This issue was addressed with improvements to the noise injection algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-27844 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari macOS Visionos
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27838 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-27833 HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow Safari Ipados +3
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-27830 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-27820 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-27808 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-27834 MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +6
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23271 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23284 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-23280 MEDIUM This Month

An injection issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari Ipad Os Iphone Os +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23273 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipad Os Iphone Os +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-23263 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-23254 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipad Os Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1580 HIGH This Week

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Dav1D Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-23213 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23211 LOW Monitor

A privacy issue was addressed with improved handling of user preferences. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-23206 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-42872 MEDIUM This Month

The issue was addressed with additional permissions checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42866 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-42833 HIGH This Week

A correctness issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection Safari Ipados +3
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-40414 CRITICAL Act Now

A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Apple Safari +6
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-40385 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-42890 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2023-42883 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-42917 HIGH KEV THREAT This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Safari +6
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2023-42916 MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Safari Ipados +5
NVD
CVSS 3.1
6.5
EPSS
17.8%
CVE-2023-42852 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-41983 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-41976 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-40447 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-41074 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-40451 HIGH This Week

This issue was addressed with improved iframe sandbox enforcement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40417 MEDIUM This Month

A window management issue was addressed with improved state management. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +2
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-35074 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-38599 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-32445 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38611 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38600 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-38595 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38572 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-38597 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An authorization and state management flaw in Apple's WebKit browser engine allows maliciously crafted webpages to fingerprint users by exploiting improper state handling during web interactions. This vulnerability affects Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4 across all Apple platforms. An attacker can exploit this by hosting a specially crafted webpage that leverages the state management weakness to extract browser or device identifiers without user knowledge, enabling user tracking and profiling attacks. No CVSS score, EPSS data, or public proof-of-concept details are currently available, though Apple has released fixes across all affected platforms.

Apple Information Disclosure Safari +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

This vulnerability allows attackers to bypass Content Security Policy (CSP) enforcement in Apple's WebKit engine through maliciously crafted web content, affecting Safari and all Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability stems from improper state management during web content processing, enabling attackers to circumvent a critical security control that prevents injection attacks and unauthorized script execution. While no CVSS score or EPSS data is currently available, the broad platform impact across Apple's entire ecosystem and the fundamental nature of CSP bypass as an information disclosure vector indicate significant real-world risk.

Apple Information Disclosure Safari +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Safari and macOS allow local authenticated applications to access sensitive user data through improper permission enforcement. The vulnerability affects Safari versions prior to 26.2 and macOS versions prior to Tahoe 26.2, exploitable by apps running with user-level privileges that can bypass authorization checks to read protected user information. Apple has released patched versions with additional permission validation; EPSS data indicates minimal real-world exploitation likelihood despite the authenticated local attack vector.

Apple Safari macOS +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit rendering engine allows remote attackers to crash Safari and iOS/iPadOS applications by processing maliciously crafted web content, requiring only user interaction (page visit) and no authentication. The vulnerability affects Safari 26.2, iOS 18.7.3 and iOS 26.2, iPadOS 18.7.3 and iPadOS 26.2, and macOS Tahoe 26.2 and earlier versions. With an EPSS score of 0.06% and no public exploit confirmed, this represents a low real-world exploitation priority despite the moderate CVSS 4.3 severity rating, with impact limited to denial of service through process termination.

Apple Safari iOS +7
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Safari and Apple operating systems contain a race condition that crashes the rendering process when processing maliciously crafted web content, affecting Safari 26.2 and earlier, iOS 18.7.3 and earlier, iPadOS 18.7.3 and earlier, macOS Tahoe 26.2 and earlier, tvOS 26.2 and earlier, visionOS 26.2 and earlier, and watchOS 26.2 and earlier. The vulnerability requires user interaction (clicking a malicious link or visiting a hostile website) and has high attack complexity, resulting in denial of service through process crash rather than data compromise. No public exploit code has been identified, EPSS exploitation probability is very low at 0.12%, and Apple has released patched versions across all affected platforms.

Apple Safari iOS +8
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Apple Safari and macOS Lockdown Mode can be bypassed to access restricted Web APIs through maliciously crafted file URLs due to insufficient URL validation. Affects Safari 26.2 and macOS Tahoe 26.2 on systems with Lockdown Mode enabled. Remote attackers can potentially execute high-impact attacks leveraging APIs meant to be restricted in high-security configurations. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis. This represents a serious compromise of Apple's enhanced security feature designed to protect high-risk users from targeted attacks.

Apple Safari macOS +1
NVD
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Ray is an AI compute engine. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Code Injection +4
NVD GitHub
EPSS 0% 4.8 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption Buffer Overflow Apple +8
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

This issue was addressed with improved URL validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Safari +3
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Safari and macOS contain a logic flaw that allows incorrect association of a download's origin, potentially disclosing information about file provenance to local attackers. The vulnerability affects Safari 18.6 and earlier, plus macOS Sequoia 15.6 and earlier, and requires local access (no authentication needed) to exploit. This is a low-exploitation-probability issue (EPSS 0.03%) with no confirmed active exploitation or public POC at time of analysis.

Apple Safari macOS +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Universal cross-site scripting (XSS) in Safari and macOS allows remote attackers to execute arbitrary JavaScript in the context of visited websites by processing maliciously crafted web content. The vulnerability affects Safari 18.5 and earlier, and macOS Sequoia 15.5 and earlier, and is fixed in Safari 18.6 and macOS Sequoia 15.6. Attack requires user interaction (clicking a malicious link or visiting a compromised site) but carries no authentication requirement. EPSS score of 0.04% indicates low real-world exploitation probability despite the moderate CVSS rating.

Apple Safari macOS +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Address bar spoofing in Apple Safari, iOS, and iPadOS allows remote attackers to deceive users about the website they are visiting through malicious web content, exploiting a user interface flaw that fails to adequately distinguish legitimate from spoofed address bar information. The vulnerability affects Safari before version 18.6, iOS before 18.6, and iPadOS before 18.6, and requires user interaction to visit a malicious site. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.04% reflects low real-world exploitation probability despite the network attack vector.

Apple Safari iOS +5
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.

Apple Safari iOS +10
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).

Apple Safari iOS +10
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.

Apple Safari iOS +10
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Out-of-bounds write vulnerability in WebKit across Apple's entire operating system ecosystem allows remote code execution via maliciously crafted web content without user interaction or authentication. Affects iOS, iPadOS, macOS (Ventura through Sequoia), tvOS, visionOS, and watchOS prior to July 2025 security updates. Despite a critical 9.8 CVSS score indicating maximum severity, EPSS probability remains low at 0.14% (34th percentile), and no public exploit identified at time of analysis, suggesting limited observed exploitation attempts despite the theoretical remote attack surface.

Apple iOS macOS +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE +10
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Processing web content may lead to arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Apple +9
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari +4
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow +7
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow +7
NVD VulDB
EPSS 6% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +7
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Safari +6
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

The issue was addressed with improved routing of Safari-originated requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +5
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +6
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A memory corruption issue was addressed with improved input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A custom URL scheme handling issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +4
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

An issue in the handling of URL protocols was addressed with improved logic. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Safari +6
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

A cross-origin issue existed with "iframe" elements. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +6
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +6
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +3
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +7
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Iphone Os +6
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free +8
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +7
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +7
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free +8
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow +7
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

This issue was addressed with improvements to the noise injection algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +2
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +6
NVD VulDB
EPSS 2% CVSS 8.8
HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow +5
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +6
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow +7
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari +8
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +5
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +9
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

An injection issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari +8
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +3
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +9
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +9
NVD VulDB
EPSS 2% CVSS 8.8
HIGH This Week

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Dav1D +6
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

A privacy issue was addressed with improved handling of user preferences. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +4
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with additional permissions checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +4
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A correctness issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection +5
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +8
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +4
NVD
EPSS 3% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple +6
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari +6
NVD
EPSS 9% CVSS 8.8
HIGH KEV THREAT This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +8
NVD
EPSS 18% CVSS 6.5
MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Safari +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +6
NVD
EPSS 4% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This issue was addressed with improved iframe sandbox enforcement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A window management issue was addressed with improved state management. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari +5
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +3
NVD
Page 1 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy