Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
AppleSafari

1524 matches found

CVE
CVEadded 2008/03/19 12:44 a.m.36 views

CVE-2008-1006

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

4.3CVSS5.3AI score0.00977EPSS
CVE
CVEadded 2008/03/19 12:44 a.m.36 views

CVE-2008-1007

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3CVSS5.3AI score0.00949EPSS
CVE
CVEadded 2009/03/24 2:30 p.m.36 views

CVE-2009-1060

Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009.

9.3CVSS7.4AI score0.13958EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.36 views

CVE-2012-3600

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.36 views

CVE-2012-3608

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.36 views

CVE-2012-3639

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.02826EPSS
CVE
CVEadded 2007/11/15 12:46 a.m.35 views

CVE-2007-4698

Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.

4.3CVSS6.5AI score0.01128EPSS
CVE
CVEadded 2008/03/19 12:44 a.m.35 views

CVE-2008-1008

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.

4.3CVSS5.3AI score0.00977EPSS
CVE
CVEadded 2008/07/14 6:41 p.m.35 views

CVE-2008-1589

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.

4.3CVSS6.1AI score0.00256EPSS
CVE
CVEadded 2009/06/10 2:30 p.m.35 views

CVE-2009-1682

Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

4.3CVSS6.8AI score0.00387EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.35 views

CVE-2012-3603

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2005/09/21 10:3 p.m.34 views

CVE-2005-3018

Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.

5CVSS6.5AI score0.04452EPSS
CVE
CVEadded 2008/03/19 12:44 a.m.34 views

CVE-2008-1003

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.

4.3CVSS5.1AI score0.00977EPSS
CVE
CVEadded 2008/03/19 12:44 a.m.34 views

CVE-2008-1004

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.

4.3CVSS5.2AI score0.00977EPSS
CVE
CVEadded 2009/05/11 3:30 p.m.34 views

CVE-2009-1600

Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated b...

9.3CVSS6.3AI score0.00242EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.34 views

CVE-2012-3593

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2024/01/10 10:15 p.m.34 views

CVE-2023-40385

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.

6.5CVSS6.7AI score0.00208EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.33 views

CVE-2012-3596

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2008/07/14 11:41 p.m.32 views

CVE-2008-3171

Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

5CVSS5.7AI score0.0026EPSS
CVE
CVEadded 2016/03/24 1:59 a.m.32 views

CVE-2016-1771

The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.

7.1CVSS6.4AI score0.0048EPSS
CVE
CVEadded 2008/04/28 8:5 p.m.31 views

CVE-2008-2000

Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

4.3CVSS6.4AI score0.00694EPSS
CVE
CVEadded 2010/03/29 7:30 p.m.30 views

CVE-2010-1178

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.

4.3CVSS6.3AI score0.0045EPSS
CVE
CVEadded 2017/04/03 5:59 a.m.26 views

CVE-2016-10226

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssembl...

7.5CVSS7.3AI score0.00464EPSS
CVE
CVEadded 2025/05/19 4:15 p.m.25 views

CVE-2025-24189

The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.

8.8CVSS5.5AI score0.00026EPSS
Total number of security vulnerabilities1524