CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30470
https://notcve.org/view.php?id=CVE-2025-30470
31 Mar 2025 — A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to read sensitive location information. • https://support.apple.com/en-us/122371 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-30427
https://notcve.org/view.php?id=CVE-2025-30427
31 Mar 2025 — A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. • https://support.apple.com/en-us/122371 • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24192
https://notcve.org/view.php?id=CVE-2025-24192
31 Mar 2025 — A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a website may leak sensitive data. • https://support.apple.com/en-us/122371 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30447
https://notcve.org/view.php?id=CVE-2025-30447
31 Mar 2025 — The issue was resolved by sanitizing logging This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24214
https://notcve.org/view.php?id=CVE-2025-24214
31 Mar 2025 — A privacy issue was addressed by not logging contents of text fields. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. • https://support.apple.com/en-us/122371 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24243 – Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24243
31 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma... • https://support.apple.com/en-us/122371 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30426
https://notcve.org/view.php?id=CVE-2025-30426
31 Mar 2025 — This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to enumerate a user's installed apps. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30471
https://notcve.org/view.php?id=CVE-2025-30471
31 Mar 2025 — A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service. • https://support.apple.com/en-us/122371 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30430
https://notcve.org/view.php?id=CVE-2025-30430
31 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication. • https://support.apple.com/en-us/122371 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24182 – Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24182
31 Mar 2025 — An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe... • https://support.apple.com/en-us/122371 • CWE-125: Out-of-bounds Read •