CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-43535 – Debian Security Advisory 6083-1
https://notcve.org/view.php?id=CVE-2025-43535
17 Dec 2025 — The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. The following vulnerabilities have been discovered in the WebKitGTK web engine. • https://support.apple.com/en-us/125884 •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2025-43529 – Apple Multiple Products Use-After-Free WebKit Vulnerability
https://notcve.org/view.php?id=CVE-2025-43529
17 Dec 2025 — A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in r... • https://support.apple.com/en-us/125884 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-43526
https://notcve.org/view.php?id=CVE-2025-43526
17 Dec 2025 — This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted. • https://support.apple.com/en-us/125886 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-43531 – Debian Security Advisory 6083-1
https://notcve.org/view.php?id=CVE-2025-43531
17 Dec 2025 — A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. The following vulnerabilities have been discovered in the WebKitGTK web engine. • https://support.apple.com/en-us/125884 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-43536 – Debian Security Advisory 6083-1
https://notcve.org/view.php?id=CVE-2025-43536
17 Dec 2025 — A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash. The following vulnerabilities have been discovered in the WebKitGTK web engine. • https://support.apple.com/en-us/125884 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-46282
https://notcve.org/view.php?id=CVE-2025-46282
17 Dec 2025 — The issue was addressed with additional permissions checks. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. An app may be able to access sensitive user data. • https://support.apple.com/en-us/125886 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-43501 – Apple Safari JavaScriptCore HashTable Expansion Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-43501
17 Dec 2025 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... • https://support.apple.com/en-us/125884 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-43541 – Apple Safari JavaScriptCore FTL DataView byteLength Property Handling Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-43541
17 Dec 2025 — A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious... • https://support.apple.com/en-us/125884 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 1CVE-2025-14174 – Google Chromium Out of Bounds Memory Access Vulnerability
https://notcve.org/view.php?id=CVE-2025-14174
12 Dec 2025 — Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) An update that fixes three vulnerabilities is now available. This update for chromium fixes the following issues. Use after free in WebGPU Out of bounds read and write in V8. Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform ou... • https://packetstorm.news/files/id/213356 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-43368 – Apple Safari IPC Connection Invalidation Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-43368
15 Sep 2025 — A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. • https://support.apple.com/en-us/125108 • CWE-416: Use After Free •