| Metric | Value |
|---|---|
| CVEs | 1346 |
| Critical | 123 |
| High | 412 |
| KEV | 18 |
| PoC | 49 |
| Unpatched C/H | 353 |
| Patch Rate | 31.6% |
| Avg EPSS | 0.3% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 123 |
| HIGH | 412 |
| MEDIUM | 723 |
| LOW | 82 |
Monthly CVE Trend
Affected Products (30)

| Product | CVEs |
|---|---|
| macOS | 370 |
| iOS | 210 |
| iPadOS | 79 |
| iPhone OS | 74 |
| Windows | 46 |
| Open Redirect | 32 |
| IOS XE | 31 |
| Android | 31 |
| Safari | 29 |
| visionOS | 26 |
| tvOS | 23 |
| watchOS | 23 |
| Python | 22 |
| Docker | 15 |
| Node.js | 14 |
| IOS XR | 13 |
| PHP | 10 |
| JWT Attack | 7 |
| Chrome | 7 |
| Linux Kernel | 7 |
| Ubuntu | 6 |
| Virtual Appliance Application | 5 |
| Virtual Appliance Host | 5 |
| Mobile Security Framework | 4 |
| Meeting Software Development Kit | 4 |
| Java | 4 |
| Workplace Desktop | 4 |
| PostgreSQL | 3 |
| Video Software Development Kit | 3 |
| Rooms | 3 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-24085 | Apple CoreMedia contains a use-after-free vulnerability allowing malicious applications to elevate privileges, exploited in the wild against iOS versions before iOS 17.2 as part of targeted surveillance operations. | CRITICAL | 10.0 | 25.2% | 145 | KEV, PoC, No patch |
| CVE-2025-24200 | An authorization issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability requires no authentication and has low attack complexity. Actively exploited in the wild (CISA KEV), with an EPSS exploitation probability of 44.2%. | MEDIUM | 6.1 | 44.2% | 125 | KEV, No patch |
| CVE-2025-31201 | Apple devices contain a vulnerability allowing attackers with arbitrary read/write to bypass Pointer Authentication Codes (PAC), addressed by removing the vulnerable code. Exploited alongside CVE-2025-31200. | CRITICAL | 9.8 | 2.3% | 121 | KEV, PoC, No patch |
| CVE-2025-31200 | Apple CoreAudio contains a memory corruption vulnerability exploitable through maliciously crafted audio streams in media files, enabling code execution. Exploited in extremely sophisticated targeted attacks in April 2025. | CRITICAL | 9.8 | 2.1% | 121 | KEV, PoC, No patch |
| CVE-2025-43300 | Apple iOS/iPadOS contain an out-of-bounds write in image processing that allows code execution through malicious images, exploited in extremely sophisticated targeted attacks against specific individuals. | CRITICAL | 10.0 | 0.5% | 121 | KEV, PoC, No patch |
| CVE-2025-31277 | WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day. | HIGH | 8.8 | 0.1% | 114 | KEV, PoC |
| CVE-2026-20700 | Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed, with Apple confirming reports of sophisticated in-the-wild exploitation, this is an active zero-day targeting the Apple ecosystem at its most fundamental security boundary. | HIGH | 7.8 | 0.4% | 109 | KEV, PoC, No patch |
| CVE-2025-43510 | Apple kernel lock state checking flaw allows a malicious application to cause unexpected changes in memory shared between processes, potentially enabling cross-process data manipulation on iOS, macOS, and other Apple platforms. | HIGH | 7.8 | 0.0% | 109 | KEV, PoC, No patch |
| CVE-2025-34089 | An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled (i.e., the "Allow unknown devices" option is enabled), the /api/executeScript endpoint is exposed without access control. This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the X-Script HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the privileges of the Remote for Mac background process. | CRITICAL | 9.3 | 56.5% | 103 | No patch |
| CVE-2025-24201 | A critical out-of-bounds write in WebKit's rendering engine allows maliciously crafted web content to escape the Web Content sandbox, achieving native code execution on Apple devices. Rated CVSS 10.0 and KEV-listed, CVE-2025-24201 is a supplementary fix for a previously patched vulnerability that was being actively exploited in extremely sophisticated targeted attacks. Affects all Apple platforms: iOS, iPadOS, macOS, Safari, visionOS, and watchOS. | CRITICAL | 10.0 | 0.1% | 100 | KEV |
| CVE-2025-43520 | Apple kernel memory corruption in multiple operating systems allows a malicious application to cause unexpected system termination or write kernel memory via an out-of-bounds write flaw, addressed in watchOS 26.1, iOS 18.7.2, and macOS Tahoe 26.1. | MEDIUM | 5.5 | 0.0% | 98 | KEV, PoC, No patch |
| CVE-2024-44308 | Arbitrary code execution in Apple Safari, iOS/iPadOS, macOS Sequoia, and visionOS occurs when processing maliciously crafted web content, with Apple confirming active exploitation on Intel-based Mac systems. The flaw is confirmed actively exploited (CISA KEV) and carries a CVSS 8.8 score, requiring only user interaction (visiting a malicious page) to achieve remote code execution. EPSS at 1.55% (81st percentile) is moderate, but the KEV listing signals real-world targeted abuse against Apple's WebKit-based browsing stack. | HIGH | 8.8 | 1.5% | 96 | KEV, No patch |
| CVE-2024-23222 | Arbitrary code execution in Apple WebKit affects Safari and the system browser engine across iOS, iPadOS, macOS, tvOS, and visionOS, where a type confusion flaw allows attackers to execute code via maliciously crafted web content. The vulnerability is confirmed actively exploited (CISA KEV) and was used in the Coruna exploit chain against older iOS devices before the fix was backported to legacy versions. EPSS sits at 0.62% (70th percentile), consistent with targeted exploitation rather than mass scanning. | HIGH | 8.8 | 0.6% | 95 | KEV, No patch |
| CVE-2025-43529 | WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. The EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users. | HIGH | 8.8 | 0.1% | 94 | KEV |
| CVE-2025-20352 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable with low attack complexity. Actively exploited in the wild (CISA KEV) and no vendor patch available. | HIGH | 7.7 | 2.0% | 90 | KEV, No patch |