Skip to content
View calysteon's full-sized avatar
3 followers · 4 following

Achievements

Achievement: QuickdrawAchievement: Pull Shark

Achievements

Achievement: QuickdrawAchievement: Pull Shark

Highlights

Block or report calysteon

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
calysteon/README.md

CVE List

CVE Vendor CWE Reference Writeup
CVE-2026-28890 Apple CWE-125 (Out-of-Bounds Read) 126801 -
CVE-2026-28857 Apple CWE-122 (Heap-based Buffer Overflow) 126792, 126794, 126799, 126800 -
CVE-2026-28845 Apple CWE-862 (Missing Authorization) 126794 -
CVE-2026-27820 Ruby CWE-122 (Heap-based Buffer Overflow) ruby-lang.org -
CVE-2026-20652 Apple CWE-191 (Integer Underflow) 126354 -
CVE-2025-43505 Apple CWE-787 (Out-of-Bounds Write / Heap Corruption) 125641 -
CVE-2025-43504 Apple CWE-121 (Stack-based Buffer Overflow) 125641 True
CVE-2025-43375 Apple CWE-20 (Improper Input Validation) 125117 -
CVE-2025-43370 Apple CWE-20 (Improper Input Validation) 125117 -
CVE-2025-43353 Apple CWE-787 (Out-of-Bounds Write / Heap Corruption) 125110, 125111, 125112 True
CVE-2025-43299 Apple CWE-20 (Improper Input Validation) 125109, 125110, 125111, 125112 -
CVE-2025-43295 Apple CWE-20 (Improper Input Validation) 125109, 125110, 125111, 125112 -
CVE-2025-53623 Shopify CWE-78 (OS Command Injection) - -
CVE-2025-43577 Adobe CWE-416 (Use-After-Free) - -
CVE-2024-13334 WordPress CWE-79 (Reflected XSS) - -
CVE-2024-10813 WordPress CWE-200 (Information Exposure) - -
CVE-2024-10792 WordPress CWE-79 (Reflected XSS) - -
CVE-2024-0848 WordPress CWE-79 (Reflected XSS) - -
CVE-2024-0847 WordPress CWE-352 (CSRF) - -
CVE-2024-1780 WordPress CWE-79 (Reflected XSS) - -
CVE-2024-1782 WordPress CWE-79 (Reflected XSS) - -
CVE-2024-0708 WordPress CWE-200 (Information Exposure) - -
CVE-2024-0859 WordPress CWE-352 (CSRF) - -

Acknowledgments

Vendor Platform / Release Component(s) Reference
Apple Xcode 26.2 otool 126801
Apple iOS / iPadOS 26.2 LLVM, WebKit 126792
Apple macOS Tahoe 26.2 Core Bluetooth, LaunchServices, LLVM, WebKit 126794
Apple macOS Tahoe 26.2 FileVault 125886
Apple tvOS 26.2 LLVM 126797
Apple watchOS 26.2 LLVM 126798
Apple visionOS 26.2 LLVM, WebKit 126799
Apple Safari 26.2 WebKit 126800
Apple iOS / iPadOS 26 darwinOS, libc, libpthread, libxml2 125108
Apple iOS / iPadOS 18.7 libpthread, libxml2 125109
Apple macOS Tahoe 26 AMD, Core Bluetooth, CoreMedia, darwinOS, libc, libedit, libpthread, libxml2 125110
Apple macOS Sequoia 15.7 libpthread, libxml2 125111
Apple macOS Sonoma 14.8 libpthread, libxml2 125112
Apple tvOS 26 darwinOS, libc, libpthread, libxml2 125114
Apple visionOS 26 darwinOS 125115
Apple watchOS 26 darwinOS, libc, libpthread, libxml2 125116

Pinned Loading

  1. Arphsy Arphsy Public

    Arphsy is a proof-of-concept implementation of the Autonomous Function Call Resolution algorithm designed to guide security researchers in the deobfuscation of "canaried" JavaScript code.

    JavaScript 2