EUVD-2025-203011
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...
CVE-2025-13972 WatchTowerHQ <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...
EUVD-2020-25152
Malware in sbrugna...
EUVD-2025-23066
Malicious code in bioql PyPI...
webkitgtk: A download’s origin may be incorrectly associated
A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...
webkit2gtk3 security update
An update is available for webkit2gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. WebKitGTK is the port of the portable web rendering engine WebKit to the...
webkitgtk: A download’s origin may be incorrectly associated
A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.48.5: CVE-2025-31273: Fixed processing maliciously crafted web content leading to memory corruption bsc1247564 CVE-2025-43265: Fixed processing maliciously crafted web content disclosing internal states of the app...
webkitgtk: A download’s origin may be incorrectly associated
A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...
webkitgtk: A download’s origin may be incorrectly associated
A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...
webkitgtk: A download’s origin may be incorrectly associated
A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
webkitgtk: A download’s origin may be incorrectly associated
A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...
webkitgtk: A download’s origin may be incorrectly associated
A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue has been resolved through improved checks. This issue is fixed in Safari 18.6 and macOS Sequoia 15.6. The origin of a download may be incorrectly associated...
Linux Distros Unpatched Vulnerability : CVE-2025-43240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated...
AlmaLinux 9 : webkit2gtk3 (ALSA-2025:13782)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:13782 advisory. angle: insufficient input validation can cause undefined behavior CVE-2025-6558 webkitgtk: A download's origin may be incorrectly associated CVE-2025-432...
RHEL 8 : webkit2gtk3 (RHSA-2025:13780)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13780 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: angle: insufficient input validation...
webkitgtk: A download’s origin may be incorrectly associated
A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...