CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22629 – WordPress iNET Webkit Plugin <= 1.2.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-22629
11 Feb 2025 — Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through 1.2.2. The iNET Webkit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/inet-webkit/vulnerability/wordpress-inet-webkit-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9643 – Gentoo Linux Security Advisory 201706-15
https://notcve.org/view.php?id=CVE-2016-9643
07 Mar 2017 — The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). El código regex en Webkit 2.4.11 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) como se demuestra en un gran número de ($ (abrir paréntesis y dólar) seguido de {-2,16} y un gran número de +) (suma cerrar paréntesis). A large nu... • http://www.openwall.com/lists/oss-security/2016/11/26/2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9642 – Gentoo Linux Security Advisory 201706-15
https://notcve.org/view.php?id=CVE-2016-9642
03 Feb 2017 — JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. JavaScriptCore en WebKit permite a atacantes provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de un archivo Javascript manipulado. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues relat... • http://www.openwall.com/lists/oss-security/2016/11/26/4 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2010-1766
https://notcve.org/view.php?id=CVE-2010-1766
22 Jul 2010 — Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. Error de superación de límite en la función WebSocketHandshake::readServerHandshake en websockets/WebSocketHandshake.cpp en WebCore en WebKit anterior a r56380,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 2%CPEs: 45EXPL: 0CVE-2009-3933
https://notcve.org/view.php?id=CVE-2009-3933
12 Nov 2009 — WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. WebKit en versiones anteriores a la r50173, tal como se usa en Google Chrome en versiones anteriores a la 3.0.195.32, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una página web qu... • http://code.google.com/p/chromium/issues/detail?id=25892 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-6059
https://notcve.org/view.php?id=CVE-2008-6059
05 Feb 2009 — xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. xml/XMLHttpRequest.cpp en WebCore de WebKit anterior a r38566, no restringe el acceso adecuadamente de las páginas Web de las cabeceras de respuesta HTTP (1) Set-Cookie y (2) Set-Cookie2; esto ... • http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp • CWE-264: Permissions, Privileges, and Access Controls •