Early Access — Mondoo Vulnerability Intelligence is currently in preview.
CVE-2025-24180
Impact: A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix
Description: The issue was addressed with improved input validation.
CVE-2025-30466
Impact: A website may be able to bypass Same Origin Policy
Description: This issue was addressed through improved state management.
CVE-2025-24113
Impact: Visiting a malicious website may lead to user interface spoofing
Description: The issue was addressed with improved UI.
CVE-2025-30467
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved checks.
CVE-2025-31192
Impact: A website may be able to access sensor information without user consent
Description: The issue was addressed with improved checks.
CVE-2025-24167
Impact: A download's origin may be incorrectly associated
Description: This issue was addressed through improved state management.
CVE-2025-31184
Impact: An app may gain unauthorized access to Local Network
Description: This issue was addressed with improved permissions checking.
CVE-2025-24192
Impact: Visiting a website may leak sensitive data
Description: A script imports issue was addressed with improved isolation.
CVE-2025-24264
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: The issue was addressed with improved memory handling.
CVE-2025-24216
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: The issue was addressed with improved memory handling.
CVE-2025-24209
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2025-24208
Impact: Loading a malicious iframe may lead to a cross-site scripting attack
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-30427
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
CVE-2025-30425
Impact: A malicious website may be able to track users in Safari private browsing mode
Description: This issue was addressed through improved state management.
18.418.4