CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22629 – WordPress iNET Webkit Plugin <= 1.2.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-22629
11 Feb 2025 — Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through 1.2.2. The iNET Webkit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/inet-webkit/vulnerability/wordpress-inet-webkit-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9948 – Apple Safari replace Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9948
18 Sep 2020 — A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de confusión de tipo con un manejo de la memoria mejorado. Este problema es corregido en Safari versión 14.0. • http://seclists.org/fulldisclosure/2020/Nov/18 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-9951 – webkitgtk: use-after-free may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-9951
18 Sep 2020 — A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de la memoria previamente liberada con una administración de la memoria mejorada. Este problema es corregido en Safari versión 14.0. • http://seclists.org/fulldisclosure/2020/Nov/18 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9952 – webkitgtk: input validation issue may lead to a cross site scripting
https://notcve.org/view.php?id=CVE-2020-9952
18 Sep 2020 — An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. Se abordó un problema de comprobación de entrada con una comprobación de entrada mejorada. Este problema es corregido en iOS versión 14.0 e iPadOS versión 14.0, tvOS versión 14.0, watchOS versión 7.0, Safari versi... • http://seclists.org/fulldisclosure/2020/Nov/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-4209 – Gentoo Linux Security Advisory 201812-04
https://notcve.org/view.php?id=CVE-2018-4209
01 Oct 2018 — In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. En iOS en versiones anteriores a la 11.3, Safari en versiones anteriores a la 11.1, iCloud para Windows en versiones anteriores a la 7.4, tvOS en versiones anteriores a la 11.3, watchOS en versiones anteriores a la 4.3 e iTunes en versiones anteriores a la 12.7.4 para Wind... • https://security.gentoo.org/glsa/201812-04 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12294 – Gentoo Linux Security Advisory 201808-04
https://notcve.org/view.php?id=CVE-2018-12294
14 Jun 2018 — WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. WebCore/platform/graphics/texmap/TextureMapperLayer.cpp en WebKit, tal y como se emplea en WebKitGTK+ en versiones anteriores a la 2.20.2, es vulnerable a un uso de memoria previamente liberada en un objeto WebCore::TextureMapperLayer. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit that can lead to ... • http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9643 – Gentoo Linux Security Advisory 201706-15
https://notcve.org/view.php?id=CVE-2016-9643
07 Mar 2017 — The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). El código regex en Webkit 2.4.11 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) como se demuestra en un gran número de ($ (abrir paréntesis y dólar) seguido de {-2,16} y un gran número de +) (suma cerrar paréntesis). A large nu... • http://www.openwall.com/lists/oss-security/2016/11/26/2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9642 – Gentoo Linux Security Advisory 201706-15
https://notcve.org/view.php?id=CVE-2016-9642
03 Feb 2017 — JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. JavaScriptCore en WebKit permite a atacantes provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de un archivo Javascript manipulado. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues relat... • http://www.openwall.com/lists/oss-security/2016/11/26/4 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2010-1766
https://notcve.org/view.php?id=CVE-2010-1766
22 Jul 2010 — Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. Error de superación de límite en la función WebSocketHandshake::readServerHandshake en websockets/WebSocketHandshake.cpp en WebCore en WebKit anterior a r56380,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 2%CPEs: 45EXPL: 0CVE-2009-3933
https://notcve.org/view.php?id=CVE-2009-3933
12 Nov 2009 — WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. WebKit en versiones anteriores a la r50173, tal como se usa en Google Chrome en versiones anteriores a la 3.0.195.32, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una página web qu... • http://code.google.com/p/chromium/issues/detail?id=25892 • CWE-399: Resource Management Errors •