Wpewebkit Wpe_webkit
23 CVEs affecting Wpewebkit Wpe_webkit. Latest disclosed: 2025-09-15. Critical: 5, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-13753 | Critical | 10.0 | 2020-07-14 | The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER coul… |
CVE-2025-43343 | Critical | 9.8 | 2025-09-15 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26… |
CVE-2025-43342 | Critical | 9.8 | 2025-09-15 | A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS… |
CVE-2023-40397 | Critical | 9.8 | 2023-09-06 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execu… |
CVE-2020-10018 | Critical | 9.8 | 2020-03-02 | WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that ma… |
CVE-2025-6558 | High | 8.8 | 2025-07-15 | Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox… |
CVE-2023-28198 | High | 8.8 | 2023-08-14 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web conte… |
CVE-2019-8720 | High | 8.8 | 2023-03-06 | A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved… |
CVE-2022-32893 | High | 8.8 | 2022-08-24 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15… |
CVE-2022-2294 | High | 8.8 | 2022-07-28 | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pag… |
CVE-2020-11793 | High | 8.8 | 2020-04-17 | A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary… |
CVE-2018-12293 | High | 8.8 | 2018-06-19 | The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to versi… |
CVE-2019-6251 | High | 8.1 | 2019-01-14 | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious… |
CVE-2021-30952 | High | 7.8 | 2021-08-24 | An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2… |
CVE-2024-23284 | Medium | 6.5 | 2024-03-08 | A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS S… |
CVE-2024-23280 | Medium | 6.5 | 2024-03-08 | An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS… |
CVE-2024-23263 | Medium | 6.5 | 2024-03-08 | A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma… |
CVE-2024-23254 | Medium | 6.5 | 2024-03-08 | The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, wa… |
CVE-2024-27834 | Medium | 5.5 | 2024-05-14 | The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tv… |
CVE-2023-32370 | Medium | 5.3 | 2023-09-06 | A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fa… |