Security Vulnerabilities
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-07-30
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to gain root privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-30
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to memory corruption.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-30
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to launch any installed app.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-07-30
This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-07-30
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-30
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-30
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-30
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests. The vulnerability stems from the multipart form data and JSON request handlers, which automatically download files from user-provided URLs without validating whether those URLs point to internal network addresses, cloud metadata endpoints, or other restricted resources. The documentation explicitly promotes this URL-based file upload feature, making it an intended design that exposes all deployed services to SSRF attacks by default. Version 1.4.19 contains a patch for the issue.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-07-29
A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-29