Webkitgtk

webkitgtk

Vendor: Webkitgtk • 130 CVEs

CVEs (130)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-43343 3Apple WebkitgtkWpewebkit 9Ipados Iphone OsMacos+6 more Apr 2, 2026 Sep 15, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an u...Show more The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.Show less
CVE-2025-43342 3Apple WebkitgtkWpewebkit 9Ipados Iphone OsMacos+6 more Apr 2, 2026 Sep 15, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted w...Show more A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.Show less
CVE-2025-6558 5Apple DebianGoogle+2 more 10Chrome Debian LinuxIpados+7 more Nov 6, 2025 Jul 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:...Show more Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2024-27834 4Apple FedoraprojectWebkitgtk+1 more 9Fedora IpadosIphone Os+6 more Apr 2, 2026 May 14, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and wr...Show more The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.Show less
CVE-2024-23284 4Apple FedoraprojectWebkitgtk+1 more 10Fedora IpadosIphone Os+7 more Apr 2, 2026 Mar 8, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing...Show more A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.Show less
CVE-2024-23280 4Apple FedoraprojectWebkitgtk+1 more 9Fedora Ipad OsIphone Os+6 more Apr 2, 2026 Mar 8, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprin...Show more An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.Show less
CVE-2024-23263 4Apple FedoraprojectWebkitgtk+1 more 10Fedora IpadosIphone Os+7 more Apr 2, 2026 Mar 8, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing malic...Show more A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.Show less
CVE-2024-23254 4Apple FedoraprojectWebkitgtk+1 more 10Fedora Ipad OsIphone Os+7 more Apr 2, 2026 Mar 8, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cro...Show more The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.Show less
CVE-2023-42843 4Apple FedoraprojectWebkitgtk+1 more 7Fedora Ipad OsIphone Os+4 more Dec 9, 2024 Feb 21, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious websi...Show more An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.Show less
CVE-2023-42917 4Apple DebianFedoraproject+1 more 7Debian Linux FedoraIpados+4 more Oct 23, 2025 Nov 30, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution....Show more A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.Show less
CVE-2023-42916 4Apple DebianFedoraproject+1 more 7Debian Linux FedoraIpados+4 more Oct 23, 2025 Nov 30, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Appl...Show more An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.Show less
CVE-2023-39928 3Debian FedoraprojectWebkitgtk 3Debian Linux FedoraWebkitgtk Nov 4, 2025 Oct 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A...Show more A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.Show less
CVE-2023-41993 6Apple DebianFedoraproject+3 more 14Active Iq Unified Manager Cloud Insights Acquisition UnitCloud Insights Storage Workload Security Agent+11 more Nov 5, 2025 Sep 21, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploit...Show more The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.Show less
CVE-2023-40397 3Apple WebkitgtkWpewebkit 3Macos WebkitgtkWpe Webkit Nov 21, 2024 Sep 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
CVE-2023-32370 3Apple WebkitgtkWpewebkit 3Macos WebkitgtkWpe Webkit Nov 21, 2024 Sep 6, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.
CVE-2023-28198 3Apple WebkitgtkWpewebkit 5Ipados Iphone OsMacos+2 more Nov 21, 2024 Aug 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
CVE-2023-37450 2Apple Webkitgtk 7Ipados Iphone OsMacos+4 more Oct 23, 2025 Jul 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple...Show more The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Show less
CVE-2023-32439 2Apple Webkitgtk 5Ipados Iphone OsMacos+2 more Oct 23, 2025 Jun 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web conten...Show more A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Show less
CVE-2023-32373 3Apple RedhatWebkitgtk 8Enterprise Linux IpadosIphone Os+5 more Oct 23, 2025 Jun 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing mal...Show more A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Show less
CVE-2023-28204 2Apple Webkitgtk 7Ipados Iphone OsMacos+4 more Oct 23, 2025 Jun 23, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web c...Show more An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.Show less

12 3 4 5 6 7 Next