Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
AppleSafari*

1435 matches found

CVE
CVEadded 2012/03/08 10:55 p.m.38 views

CVE-2012-0636

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6CVSS7.5AI score0.00861EPSS
CVE
CVEadded 2012/03/12 9:55 p.m.38 views

CVE-2012-0640

WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.

5CVSS6AI score0.00291EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.38 views

CVE-2012-3597

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.38 views

CVE-2012-3608

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.38 views

CVE-2012-3639

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.02826EPSS
CVE
CVEadded 2017/05/22 5:29 a.m.38 views

CVE-2017-2511

An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

6.5CVSS6.2AI score0.00217EPSS
CVE
CVEadded 2008/03/19 12:44 a.m.37 views

CVE-2008-1007

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3CVSS5.3AI score0.00949EPSS
CVE
CVEadded 2008/07/14 6:41 p.m.37 views

CVE-2008-1589

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.

4.3CVSS6.1AI score0.00256EPSS
CVE
CVEadded 2009/03/24 2:30 p.m.37 views

CVE-2009-1060

Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009.

9.3CVSS7.4AI score0.13958EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.37 views

CVE-2012-3600

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.37 views

CVE-2012-3603

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.37 views

CVE-2015-7093

Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site.

4.3CVSS5.8AI score0.00266EPSS
CVE
CVEadded 2007/11/15 12:46 a.m.36 views

CVE-2007-4698

Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.

4.3CVSS6.5AI score0.01128EPSS
CVE
CVEadded 2009/06/10 2:30 p.m.36 views

CVE-2009-1682

Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

4.3CVSS6.8AI score0.00387EPSS
CVE
CVEadded 2024/01/10 10:15 p.m.36 views

CVE-2023-40385

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.

6.5CVSS6.7AI score0.00208EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.36 views

CVE-2025-43227

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information.

7.5CVSS5.3AI score0.00073EPSS
CVE
CVEadded 2009/05/11 3:30 p.m.35 views

CVE-2009-1600

Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated b...

9.3CVSS6.3AI score0.00242EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.35 views

CVE-2012-3593

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2012/07/25 8:55 p.m.35 views

CVE-2012-3596

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.35 views

CVE-2025-43240

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated.

6.2CVSS5.5AI score0.00014EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.35 views

CVE-2025-43265

An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal states of the app.

4CVSS5.3AI score0.00016EPSS
CVE
CVEadded 2008/07/14 11:41 p.m.33 views

CVE-2008-3171

Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

5CVSS5.7AI score0.0026EPSS
CVE
CVEadded 2016/03/24 1:59 a.m.32 views

CVE-2016-1771

The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.

7.1CVSS6.4AI score0.0048EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.32 views

CVE-2025-31273

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to memory corruption.

8.8CVSS5.4AI score0.0005EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.32 views

CVE-2025-31278

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

8.8CVSS5.4AI score0.0005EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.32 views

CVE-2025-43212

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.4AI score0.00046EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.32 views

CVE-2025-43216

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.5AI score0.00046EPSS
CVE
CVEadded 2010/03/29 7:30 p.m.31 views

CVE-2010-1178

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.

4.3CVSS6.3AI score0.0045EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.31 views

CVE-2025-43211

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing web content may lead to a denial-of-service.

6.2CVSS5.3AI score0.00017EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.29 views

CVE-2025-43228

The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.4AI score0.00027EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.12 views

CVE-2025-31277

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

8.8CVSS5.4AI score0.0005EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.8 views

CVE-2025-43213

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.4AI score0.00046EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.8 views

CVE-2025-43214

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.4AI score0.00046EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.8 views

CVE-2025-43229

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS5.3AI score0.00031EPSS
CVE
CVEadded 2025/07/30 12:15 a.m.7 views

CVE-2025-24188

A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.6AI score0.00037EPSS
Total number of security vulnerabilities1435