
25 matches found

OSV
added 2026/06/16 1:16 p.m. | 3 views

UBUNTU-CVE-2026-12322

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00165
Exploits: 0 | References: 3

EUVD
added 2026/06/16 11:52 a.m. | 8 views

EUVD-2026-37068

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00165
Exploits: 0 | References: 3

CVE
added 2026/06/16 11:52 a.m. | 15 views

CVE-2026-12322

CVE-2026-12322 is a clickjacking vulnerability in the Gtk Widget component affecting Mozilla Firefox and Thunderbird. The issue, described across multiple sources, is due to a UI framing/embedding flaw that could enable deceptive UI interaction. Affected products were updated to mitigate the vuln...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00165
Exploits: 0 | References: 3 | Affected Software: 2

Positive Technologies
added 2026/06/16 12:0 a.m. | 9 views

PT-2026-49691

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 152; Thunderbird versions prior to 152. Description: A clickjacking issue exists in the Widget: Gtk component. Clickjacking is a technique where an attacker tricks a user into clicking something different from what the...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00476
Exploits: 0 | References: 49

Fedora
added 2026/04/14 1:8 a.m. | 3 views

[SECURITY] Fedora 42 Update: webkitgtk-2.52.1-1.fc42

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00961
Exploits: 2

Fedora
added 2026/01/02 12:57 a.m. | 8 views

[SECURITY] Fedora 42 Update: webkitgtk-2.50.4-1.fc42

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.32
Exploits: 14

OSV
added 2025/04/29 5:1 p.m. | 4 views

CLSA-2025-1745946091 gtk3: Fix of CVE-2024-6655

CVE-2024-6655: prevent injection of libraries from current working directory...

CVSS: 7 | AI score: 5.8 | EPSS: 0.00464
Exploits: 0 | References: 1

RedHat Linux
added 2024/11/12 9:37 a.m. | 4 views

gtk3: gtk2: Library injection from CWD

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...

CVSS: 7 | AI score: 7.2 | EPSS: 0.00464
Exploits: 0 | References: 6

OSV
added 2024/07/16 3:15 p.m. | 2 views

DEBIAN-CVE-2024-6655

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...

CVSS: 7 | AI score: 7 | EPSS: 0.00464
Exploits: 0 | References: 1

OSV
added 2024/07/16 3:15 p.m. | 6 views

AZL-43381 CVE-2024-6655 affecting package gtk2 for versions less than 2.24.32-12

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...

CVSS: 7 | AI score: 6.8 | EPSS: 0.00464
Exploits: 0 | References: 1

OSV
added 2024/07/16 1:3 p.m. | 11 views

USN-6899-1 gtk+2.0, gtk+3.0 vulnerability

It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges...

CVSS: 7 | AI score: 7 | EPSS: 0.00464
Exploits: 0 | References: 2

OSV
added 2024/07/11 12:0 a.m. | 0 views

UBUNTU-CVE-2024-6655

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...

CVSS: 7 | AI score: 6.9 | EPSS: 0.00464
Exploits: 0 | References: 3

RustSec
added 2024/03/04 12:0 p.m. | 5 views

gtk-rs GTK3 bindings - no longer maintained

The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...

AI score: 7.1
Exploits: 0

RustSec
added 2024/03/04 12:0 p.m. | 4 views

gtk-rs GTK3 bindings - no longer maintained

The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...

AI score: 7.1
Exploits: 0

RustSec
added 2024/03/04 12:0 p.m. | 5 views

gtk-rs GTK3 bindings - no longer maintained

The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...

AI score: 7.1
Exploits: 0

SUSE CVE
added 2023/02/15 6:20 a.m. | 3 views

SUSE CVE-2004-0783

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.09434
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 5:33 a.m. | 4 views

SUSE CVE-2013-7447

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.04633
Exploits: 0 | References: 5

RedHat Linux
added 2023/01/25 3:33 p.m. | 4 views

Mozilla: Arbitrary file read from GTK drag and drop on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00641
Exploits: 0 | References: 6

CNNVD
added 2023/01/23 12:0 a.m. | 3 views

Mozilla Firefox Buffer Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer error vulnerability that originates from not performing validation checks on GTK drag and drop data. An attacker could exploit the vulnerability to obtain sensitiv...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00521
Exploits: 0 | References: 5

RedHat Linux
added 2018/03/14 3:23 p.m. | 4 views

OpenJDK: GTK library loading use-after-free (AWT, 8185325)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

CVSS: 6.1 | AI score: 7.4 | EPSS: 0.05107
Exploits: 0 | References: 4