Exploit for Type Confusion in Apple Safari

CVE-2024-23222 — WebKit Type Confusion → iOS 16.4.1 Sandbox Es...

Exploit for Use After Free in Apple Safari

CVE-2025-43529: JavaScriptCore DFG ObjectAllocationSinkingPhas...

Apple Safari JavaScriptCore FTL DataView byteLength Property Handling Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

CVE-2025-43368

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash...

Linux Distros Unpatched Vulnerability : CVE-2015-5814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service...

Linux Distros Unpatched Vulnerability : CVE-2016-10226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service bitfield out-of-bounds re...

CVE-2025-24189

The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to memory corruption...

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web content bsc1239863 CVE-2024-54467: Fixed data exilfration cross-origin due to a cookie management issue via a malicious website bsc1239864 Other fixes: ...

PT-2025-5755 · Unknown · @Zag-Js/Core

Name of the Vulnerable Software and Affected Versions: @zag-js/core version 0.50.0 Description: A prototype pollution issue in the lib.deepMerge function allows attackers to cause a Denial of Service DoS by supplying a crafted payload. Recommendations: For @zag-js/core version 0.50.0, consider...

SUSE CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

DEBIAN-CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

Design/Logic Flaw

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

JavaScript Core Arbitrary Code Execution

// Load Int library, thanks saelo! load'util.js'; load'int64.js'; // Helpers to convert from float to in a few random places var conva = new ArrayBuffer8; var convf = new Float64Arrayconva; var convi = new Uint32Arrayconva; var convi8 = new Uint8Arrayconva; var floatarrmagic = new...

CVE-2017-2492

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that triggers...

Apple Safari and iOS JavaScriptCore Memory Misreference Vulnerability

Apple Safari and iOS are both products of Apple Inc. Apple Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems. iOS is a set of operating systems developed for mobile devices. JavaScriptCore is one of the frameworks. A memory misreference...