Astra Linux - уязвимость в webkit2gtk

This issue has been resolved through improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2, and iPadOS 18.7.2; iOS 26.1 and iPadOS 26.1; macOS Tahoe 26.1; tvOS 26.1; visionOS 26.1; and watchOS 26.1. A website may exfiltrate image data across origins...

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1. A malicious website may exfiltrate data across origins...

Astra Linux - уязвимость в webkit2gtk

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...

GHSA-GFC2-9QMW-W7VH Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS

Summary The Glances web server exposes a REST API /api/4/ that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy Access-Control-Allow-Origin: . This allows a malicious website to read sensitive system information from a running...

TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Summary The TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary...

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the /export endpoint. An attacker can access arbitrary files on the server filesystem, including sensitive configuration files containing secrets, by sending specially crafted requests with double-encoded travers...

MiracleLinux 8 : webkit2gtk3-2.34.6-1.el8.ML.1 (AXSA:2022-3625:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3625:01 advisory. webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free CVE-2022-22620 webkitgtk: Use-after-free leadi...

MiracleLinux 8 : webkit2gtk3-2.50.3-1.el8_10.ML.1 (AXSA:2025-11507:20)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11507:20 advisory. webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS CVE-2025-13502 webkitgtk: Processing...

MiracleLinux 8 : webkit2gtk3-2.48.2-1.el8_10.ML.1 (AXSA:2025-9958:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9958:09 advisory. webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2025-31205 webkitgtk: Processing maliciously crafted web content may lead to an...

MiracleLinux 9 : webkit2gtk3-2.48.2-1.el9_6 (AXSA:2025-10497:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10497:11 advisory. webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2025-31205 webkitgtk: Processing maliciously crafted web content may lead to an...

MiracleLinux 9 : webkit2gtk3-2.50.3-1.el9_7 (AXSA:2025-11554:21)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11554:21 advisory. webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS CVE-2025-13502 webkitgtk: Processing...

TencentOS Server 4: webkit2gtk4.1 (TSSA-2025:0942)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0942 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Important: webkitgtk4

Issue Overview: A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server. CVE-2025-13502 A flaw was found in WebKitGTK. This vulnerability allows...

RHEL 8 : webkit2gtk3 (RHSA-2025:23742)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23742 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkit: WebKitGTK / WPE WebKit:...

RHEL 9 : webkit2gtk3 (RHSA-2025:23591)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23591 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkit: WebKitGTK / WPE WebKit:...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2025:4416-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4416-1 advisory. Update to version 2.50.3. Security issues fixed: - CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote...

RHEL 8 : webkit2gtk3 (RHSA-2025:23434)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23434 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkit: WebKitGTK / WPE WebKit:...

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.50.3. Security issues fixed: CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow bsc1254208...