
CVE-2025-24223 – webkitgtk: Processing maliciously crafted web content may lead to memory corruption
https://notcve.org/view.php?id=CVE-2025-24223
12 May 2025 — The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in memory corruption. • https://support.apple.com/en-us/122404 • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-416: Use After Free •

CVE-2025-31241
https://notcve.org/view.php?id=CVE-2025-31241
12 May 2025 — A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination. • https://support.apple.com/en-us/122404 • CWE-415: Double Free •

CVE-2025-31257
https://notcve.org/view.php?id=CVE-2025-31257
12 May 2025 — This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. • https://support.apple.com/en-us/122404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-24111
https://notcve.org/view.php?id=CVE-2025-24111
12 May 2025 — A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination. • https://support.apple.com/en-us/122066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-31217
https://notcve.org/view.php?id=CVE-2025-31217
12 May 2025 — The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. • https://support.apple.com/en-us/122404 • CWE-20: Improper Input Validation •

CVE-2025-31221
https://notcve.org/view.php?id=CVE-2025-31221
12 May 2025 — An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory. • https://support.apple.com/en-us/122404 • CWE-190: Integer Overflow or Wraparound •

CVE-2025-31206 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
https://notcve.org/view.php?id=CVE-2025-31206
12 May 2025 — A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. A flaw was found in WebKitGTK. Processing malicious web content can cause a type confusion issue due to improper state handling and result in an unexpected crash. • https://support.apple.com/en-us/122404 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2025-31251
https://notcve.org/view.php?id=CVE-2025-31251
12 May 2025 — The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. • https://support.apple.com/en-us/122404 • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-31226
https://notcve.org/view.php?id=CVE-2025-31226
12 May 2025 — A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service. • https://support.apple.com/en-us/122404 • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-31204 – webkitgtk: Processing maliciously crafted web content may lead to memory corruption
https://notcve.org/view.php?id=CVE-2025-31204
12 May 2025 — The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. A flaw was found in WebKitGTK. Processing malicious web content can cause out-of-bounds memory access due to improper memory handling and result in memory corruption. • https://support.apple.com/en-us/122404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write •