CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24243 – Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24243
31 Mar 2025 — Processing a maliciously crafted file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://support.apple.com/en-us/122371 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24182 – Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24182
31 Mar 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://support.apple.com/en-us/122371 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24244 – Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24244
31 Mar 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://support.apple.com/en-us/122371 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24228
https://notcve.org/view.php?id=CVE-2025-24228
31 Mar 2025 — An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24211 – Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24211
31 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the WebKit GPU process. • https://support.apple.com/en-us/122371 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24230 – Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24230
31 Mar 2025 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the WebKit GPU process. • https://support.apple.com/en-us/122371 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24256 – Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24256
31 Mar 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphics kext. he issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24190 – Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24190
31 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the WebKit GPU process. • https://support.apple.com/en-us/122371 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-3036 – yzk2356911358 StudentServlet-JSP Student Management cross site scripting
https://notcve.org/view.php?id=CVE-2025-3036
31 Mar 2025 — A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.302097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31692 – AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
https://notcve.org/view.php?id=CVE-2025-31692
31 Mar 2025 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. • https://www.drupal.org/sa-contrib-2025-021 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •