CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-30466
https://notcve.org/view.php?id=CVE-2025-30466
29 May 2025 — This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy. • https://support.apple.com/en-us/122371 • CWE-346: Origin Validation Error •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-31199
https://notcve.org/view.php?id=CVE-2025-31199
29 May 2025 — A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. • https://support.apple.com/en-us/122371 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31185
https://notcve.org/view.php?id=CVE-2025-31185
19 May 2025 — A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication. • https://support.apple.com/en-us/122066 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-31262
https://notcve.org/view.php?id=CVE-2025-31262
19 May 2025 — A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system. • https://support.apple.com/en-us/122066 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24223 – webkitgtk: Processing maliciously crafted web content may lead to memory corruption
https://notcve.org/view.php?id=CVE-2025-24223
12 May 2025 — The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in memory corruption. macOS Sequoia 15.5 addresses bypass, code execution, double free, information leakage, integer overf... • https://support.apple.com/en-us/122404 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-31241 – Apple Security Advisory 05-12-2025-8
https://notcve.org/view.php?id=CVE-2025-31241
12 May 2025 — A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination. macOS Ventura 13.7.6 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-31257 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
https://notcve.org/view.php?id=CVE-2025-31257
12 May 2025 — This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in an unexpected crash. macOS Sequoia 15.5 addresses bypass, code execution, double free, information leakage, i... • https://support.apple.com/en-us/122404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24111 – Apple Security Advisory 05-12-2025-2
https://notcve.org/view.php?id=CVE-2025-24111
12 May 2025 — A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination. iPadOS 17.7.7 addresses code execution, double free, information leakage, integer overflow, out of bounds read, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-31217 – Apple Security Advisory 05-12-2025-9
https://notcve.org/view.php?id=CVE-2025-31217
12 May 2025 — The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. macOS Sequoia 15.5 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-31221 – Apple Security Advisory 05-12-2025-8
https://notcve.org/view.php?id=CVE-2025-31221
12 May 2025 — An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory. macOS Ventura 13.7.6 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-190: Integer Overflow or Wraparound •