8
CVE-2025-31223 - webkitgtk: Processing maliciously crafted web content may lead to memory corruption
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.
6.5
CVE-2025-31235 - Double Free Leading to Unexpected System Termination in iPadOS and macOS
A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.
5.5
CVE-2025-24220 - Permissions Flaw Exposes Persistent Device Identifier in iOS and iPadOS
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may be able to read a persistent device identifier.
7.1
CVE-2025-31219 - Memory Corruption Vulnerability Leading to System Termination in Apple Operating Systems
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system termination or corrupt kernβ¦
6.5
CVE-2025-31258 - macOS Sandbox Escape Vulnerability
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
9.4
CVE-2025-3659 - Improper authentication handling for Digi PortServer TS; Digi One SP, SP IA, IA; Digi One IAP
Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: * Digi PortServer TS - prior to and including 82000747_AA, build date 06/17/2022 * Digi One SP/Digi One SP IA/Digi One IA - prior to and including 82000774_Z, build datβ¦
7.8
CVE-2025-1079 - RCE In Google Web Designer
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature
7.6
CVE-2024-4982 - Pagure: path traversal in view_issue_raw_file()
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.
7.6
CVE-2024-4981 - Pagure: _update_file_in_git() follows symbolic links in temporary clones
A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.
9.8
CVE-2025-47682 - WordPress SMS Alert Order Notifications β WooCommerce plugin <= 3.8.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.1.