CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-43531 – Debian Security Advisory 6083-1
https://notcve.org/view.php?id=CVE-2025-43531
17 Dec 2025 — A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. The following vulnerabilities have been discovered in the WebKitGTK web engine. • https://support.apple.com/en-us/125884 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-43536 – Debian Security Advisory 6083-1
https://notcve.org/view.php?id=CVE-2025-43536
17 Dec 2025 — A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash. The following vulnerabilities have been discovered in the WebKitGTK web engine. • https://support.apple.com/en-us/125884 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-43428
https://notcve.org/view.php?id=CVE-2025-43428
17 Dec 2025 — A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication. • https://support.apple.com/en-us/125884 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46283
https://notcve.org/view.php?id=CVE-2025-46283
17 Dec 2025 — A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data. • https://support.apple.com/en-us/125886 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-46282
https://notcve.org/view.php?id=CVE-2025-46282
17 Dec 2025 — The issue was addressed with additional permissions checks. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. An app may be able to access sensitive user data. • https://support.apple.com/en-us/125886 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-46277
https://notcve.org/view.php?id=CVE-2025-46277
17 Dec 2025 — A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to access a user’s Safari history. • https://support.apple.com/en-us/125884 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-43501 – Apple Safari JavaScriptCore HashTable Expansion Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-43501
17 Dec 2025 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... • https://support.apple.com/en-us/125884 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-43541 – Apple Safari JavaScriptCore FTL DataView byteLength Property Handling Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-43541
17 Dec 2025 — A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious... • https://support.apple.com/en-us/125884 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2025-14174 – Google Chromium Out of Bounds Memory Access Vulnerability
https://notcve.org/view.php?id=CVE-2025-14174
12 Dec 2025 — Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) An update that fixes three vulnerabilities is now available. This update for chromium fixes the following issues. Use after free in WebGPU Out of bounds read and write in V8. Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform ou... • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43281
https://notcve.org/view.php?id=CVE-2025-43281
15 Oct 2025 — The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges. • https://support.apple.com/en-us/124149 • CWE-287: Improper Authentication •