Meta
Products
2- 4 CVEs
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36934 | Cri | 0.64 | 9.8 | 0.02 | Sep 22, 2022 | An integer overflow in WhatsApp could result in remote code execution in an established video call. | ||
| CVE-2024-23347 | Hig | 0.51 | 7.8 | 0.00 | Jan 16, 2024 | Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application. | ||
| CVE-2022-27492 | Hig | 0.51 | 7.8 | 0.01 | Sep 23, 2022 | An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. | ||
| CVE-2025-55177 | 0.12 | — | 0.04 | KEV | Aug 29, 2025 | Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a… | ||
| CVE-2025-55179 | 0.00 | — | 0.00 | Nov 18, 2025 | Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We… |
- risk 0.64cvss 9.8epss 0.02
An integer overflow in WhatsApp could result in remote code execution in an established video call.
- risk 0.51cvss 7.8epss 0.00
Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.
- risk 0.51cvss 7.8epss 0.01
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
- risk 0.12cvss —epss 0.04
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a…
- CVE-2025-55179Nov 18, 2025risk 0.00cvss —epss 0.00
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We…