Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webkit vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2010-1760
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
Apple Webkit
Apple Webkit R56188
Apple Webkit R56379
Apple Webkit R50173
Apple Webkit R56187
4.3
CVSSv2
CVE-2016-9642
JavaScriptCore in WebKit allows malicious users to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file.
Webkit Webkit -
5
CVSSv2
CVE-2008-6059
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote malicious users to obtain sensitive information from cookies via XMLHttpRequest calls, r...
Webkit Webkit
5
CVSSv2
CVE-2009-3933
WebKit before r50173, as used in Google Chrome prior to 3.0.195.32, allows remote malicious users to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::T...
Webkit Webkit
5
CVSSv2
CVE-2016-9643
The regex code in Webkit 2.4.11 allows remote malicious users to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).
Webkit Webkit 2.4.11
7.5
CVSSv2
CVE-2010-1766
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have u...
Digia Qt
Webkit Webkit
10
CVSSv2
CVE-2010-1386
page/Geolocation.cpp in WebCore in WebKit before r56188 and prior to 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
Apple Webkit
Apple Webkit R50173
7.8
CVSSv2
CVE-2016-4591
WebKit in Apple iOS prior to 9.3.3, Safari prior to 9.1.2, and tvOS prior to 9.2.2 mishandles the location variable, which allows remote malicious users to access the local filesystem via unspecified vectors.
Apple Webkit
6.8
CVSSv2
CVE-2008-1590
JavaScriptCore in WebKit on Apple iPhone prior to 2.0 and iPod touch prior to 2.0 does not properly perform runtime garbage collection, which allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trig...
Webkit Javascriptcore
6.8
CVSSv2
CVE-2018-12294
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
Webkit Webkitgtk\\+
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »