VYPR
Vendor

Wpewebkit

Products
4
CVEs
25
Across products
27
Status
Private

Products

4

Recent CVEs

25
View all 25 CVEs →
  • CVE-2025-43343CriSep 15, 2025
    risk 0.64cvss 9.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43342CriSep 15, 2025
    risk 0.64cvss 9.8epss 0.01

    A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2018-12293HigJun 19, 2018
    risk 0.61cvss 8.8epss 0.11

    The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer…

  • CVE-2025-13502HigNov 25, 2025
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

  • CVE-2016-10222HigApr 3, 2017
    risk 0.49cvss 7.5epss 0.02

    runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the…

  • CVE-2016-9643HigMar 7, 2017
    risk 0.49cvss 7.5epss 0.03

    The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).

  • CVE-2024-23284MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content…

  • CVE-2024-23280MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.

  • CVE-2024-23263MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security…

  • CVE-2024-23254MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.

  • CVE-2024-27834MedMay 14, 2024
    risk 0.36cvss 5.5epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

  • CVE-2016-9642MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.01

    JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file.

  • CVE-2025-66286MedApr 23, 2026
    risk 0.31cvss 4.7epss 0.00

    An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain…

  • CVE-2023-39928Oct 6, 2023
    risk 0.00cvss epss 0.01

    A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger…

  • CVE-2021-42762Oct 20, 2021
    risk 0.00cvss epss 0.01

    BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem…

  • CVE-2020-13753Jul 14, 2020
    risk 0.00cvss epss 0.03

    The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to…

  • CVE-2020-11793Apr 17, 2020
    risk 0.00cvss epss 0.03

    A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

  • CVE-2020-10018Mar 2, 2020
    risk 0.00cvss epss 0.05

    WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.

  • CVE-2019-11070Apr 10, 2019
    risk 0.00cvss epss 0.03

    WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are…

  • CVE-2019-6251Jan 14, 2019
    risk 0.00cvss epss 0.04

    WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.