Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-43338

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-04 Nov, 2025 | 01:17
Updated At-02 Apr, 2026 | 18:22
Rejected At-
Credits

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:04 Nov, 2025 | 01:17
Updated At:02 Apr, 2026 | 18:22
Rejected At:
â–¼CVE Numbering Authority (CNA)

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Affected Products
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From 0 before 26 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From 0 before 14.8.2 (custom)
  • From 0 before 14.8.4 (custom)
  • From 0 before 26 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AProcessing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Type: N/A
CWE ID: N/A
Description: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.apple.com/en-us/125108
N/A
https://support.apple.com/en-us/125110
N/A
https://support.apple.com/en-us/125636
N/A
https://support.apple.com/en-us/126350
N/A
Hyperlink: https://support.apple.com/en-us/125108
Resource: N/A
Hyperlink: https://support.apple.com/en-us/125110
Resource: N/A
Hyperlink: https://support.apple.com/en-us/125636
Resource: N/A
Hyperlink: https://support.apple.com/en-us/126350
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:04 Nov, 2025 | 02:15
Updated At:02 Apr, 2026 | 19:20

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CPE Matches

Apple Inc.
apple
>>ipados>>Versions before 26.0(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 26.0(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions before 14.8.2(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-79
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://support.apple.com/en-us/125108product-security@apple.com
N/A
https://support.apple.com/en-us/125110product-security@apple.com
N/A
https://support.apple.com/en-us/125636product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/126350product-security@apple.com
N/A
Hyperlink: https://support.apple.com/en-us/125108
Source: product-security@apple.com
Resource: N/A
Hyperlink: https://support.apple.com/en-us/125110
Source: product-security@apple.com
Resource: N/A
Hyperlink: https://support.apple.com/en-us/125636
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/126350
Source: product-security@apple.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

262Records found

CVE-2025-43287
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 11.40%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 22:34
Updated-02 Apr, 2026 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-40799
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.43% / 34.28%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:17
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48578
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.49%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 19:21
Updated-19 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-27800
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.61% / 44.82%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 20:56
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a maliciously crafted message may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOStvosvisionoswatchosiosipad_osmacos
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-23249
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.24% / 15.34%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-42876
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.20% / 9.47%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2022-32852
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.53% / 41.05%
||
7 Day CHG+0.01%
Published-23 Sep, 2022 | 18:58
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-32851
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.57% / 42.89%
||
7 Day CHG+0.02%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-32797
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-1.01% / 59.00%
||
7 Day CHG+0.03%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacosmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-32853
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.57% / 42.89%
||
7 Day CHG+0.02%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-29458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-1.30% / 66.89%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 00:00
Updated-09 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Action-Not Available
Vendor-n/aApple Inc.GNUDebian GNU/Linux
Product-ncursesdebian_linuxmacosn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-26698
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.91% / 55.70%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 18:40
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xSecurity Update - CatalinamacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-32831
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.57% / 42.89%
||
7 Day CHG+0.02%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-32807
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.70% / 48.83%
||
7 Day CHG+0.02%
Published-23 Sep, 2022 | 18:59
Updated-27 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacosmacOS
CVE-2022-32843
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.57% / 42.89%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:59
Updated-27 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacosmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-64893
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.1||HIGH
EPSS-0.15% / 4.35%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:41
Updated-10 Dec, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DNG SDK | Out-of-bounds Read (CWE-125)

DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-windowsdng_software_development_kitmacosDNG SDK
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22627
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-1.00% / 58.51%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22625
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-1.11% / 61.91%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-26697
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-1.01% / 59.01%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 18:39
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xSecurity Update - CatalinamacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22626
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-1.11% / 61.91%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32420
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.11%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system termination or read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacoswatchOStvOSmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-28179
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 11.75%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 22:40
Updated-09 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2025-64784
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.10%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:41
Updated-10 Dec, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DNG SDK | Heap-based Buffer Overflow (CWE-122)

DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-windowsdng_software_development_kitmacosDNG SDK
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-43221
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.22% / 12.06%
||
7 Day CHG+0.01%
Published-29 Jul, 2025 | 23:29
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionosmacosiphone_osipadosmacOSiOS and iPadOStvOSvisionOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-43239
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.88%
||
7 Day CHG+0.02%
Published-29 Jul, 2025 | 23:29
Updated-02 Apr, 2026 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-43224
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.26% / 17.50%
||
7 Day CHG+0.02%
Published-29 Jul, 2025 | 23:35
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionosmacosiphone_osipadosmacOSiOS and iPadOStvOSvisionOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-43254
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.22% / 12.40%
||
7 Day CHG+0.01%
Published-29 Jul, 2025 | 23:28
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-31253
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.18% / 8.32%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-02 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-672
Operation on a Resource after Expiration or Release
CVE-2021-30788
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-1.15% / 62.89%
||
7 Day CHG+0.04%
Published-08 Sep, 2021 | 13:39
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosmac_os_xmacosSecurity Update - CatalinamacOSiOS
CVE-2021-30877
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.78% / 51.62%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:49
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30876
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.89% / 54.95%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:49
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30880
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.78% / 51.62%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:49
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30710
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.92% / 56.05%
||
7 Day CHG+0.03%
Published-08 Sep, 2021 | 14:28
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23248
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 37.73%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-36521
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.41% / 33.13%
||
7 Day CHG+0.01%
Published-23 Sep, 2022 | 18:58
Updated-22 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

Action-Not Available
Vendor-Apple Inc.
Product-icloudtvosmacosiphone_osipadoswatchosituneswatchOSiOS and iPadOSiTunes for WindowsiCloud for Windows
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-4166
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-1.59% / 72.63%
||
7 Day CHG~0.00%
Published-25 Dec, 2021 | 18:15
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in vim/vim

vim is vulnerable to Out-of-bounds Read

Action-Not Available
Vendor-openSUSERed Hat, Inc.SUSEVimFedora ProjectDebian GNU/LinuxApple Inc.
Product-debian_linuxfactoryvimlinux_enterpriseenterprise_linuxfedoramac_os_xmacosvim/vim
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30879
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.87% / 54.42%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:49
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2007-2401
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-7.06% / 93.43%
||
7 Day CHG~0.00%
Published-25 Jun, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xmac_os_x_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-2400
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.55% / 83.13%
||
7 Day CHG~0.00%
Published-25 Jun, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-mac_os_xwindows_vistawindows_xpiphone_ossafarin/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-40846
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.47% / 37.32%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-40857
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.54% / 41.58%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-40785
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.77% / 51.22%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:16
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-40845
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.37% / 29.11%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-2391
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.29% / 66.79%
||
7 Day CHG~0.00%
Published-14 Jun, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-50891
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-0.24% / 15.48%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-07 Apr, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Owlfiles File Manager 12.0.1 Cross-Site Scripting via HTTP Server

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.

Action-Not Available
Vendor-skyjosSkyjosApple Inc.
Product-visionosiphone_ostvosmacosowlfilesipadosOwlfiles File Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-9971
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 5.45%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCApple Inc.
Product-iphone_oschromeChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-0478
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.62% / 73.14%
||
7 Day CHG~0.00%
Published-25 Jan, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xsafariwebcoren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0531
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-3.73% / 88.48%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45557
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 35.90%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names.

Action-Not Available
Vendor-left_projectn/aApple Inc.
Product-leftmacosn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45558
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 35.90%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag.

Action-Not Available
Vendor-left_projectn/aApple Inc.
Product-leftmacosn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found