libxslt: Processing web content may disclose sensitive information

A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling...

Linux Distros Unpatched Vulnerability : CVE-2026-20665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS...

Mastodon 安全漏洞

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are security vulnerabilities in versions prior to Mastodon 4.5.8, specifically the 4.5.x branch, and versions prior to Mastodon 4.4.15, specifically the 4.4.x branch. These vulnerabilities stem...

CVE-2026-28879

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may...

VulnCheck KEV: CVE-2023-43000

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...

TencentOS Server 2: webkitgtk4 (TSSA-2025:0990)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0990 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CVE-2023-40420

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service...

CLSA-2025-1767094035 webkit2gtk3: Fix of 7 CVEs

Update to 2.50.4 to fix the following vulnerabilities: - CVE-2025-14174: fix memory corruption via improved validation of web content - CVE-2025-43501: fix buffer overflow with improved memory handling to prevent process crashes - CVE-2025-43529: fix use-after-free in memory management to prevent...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 8 : webkit2gtk3 (RHSA-2025:23973)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23973 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: webkitgtk: Use-after-free...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause JIT issues due to improper checks and result in an unexpected process crash...

webkit2gtk3 security update

An update is available for webkit2gtk3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list WebKitGTK is the port of the portable web rendering engine WebKit to the...

CVE-2025-43536

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash...

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.50.3. Security issues fixed: CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow bsc1254208...

CVE-2025-66844

In grav 1.7.49.5, a SSRF Server-Side Request Forgery vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

PT-2025-51250

In grav 1.7.49.5, a SSRF Server-Side Request Forgery vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

PT-2025-49101

Name of the Vulnerable Software and Affected Versions WebKitGTK affected versions not specified Description A flaw exists in WebKitGTK where processing malicious web content can lead to an unexpected process crash due to improper memory handling. Recommendations At the moment, there is no...

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2025-43272 webkitgtk: Processing maliciously crafted web content may lead to an unexpected proces...

CVE-2025-43434

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...

CVE-2025-43432

A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...