📦 Safari
by Apple
⚠️ Known Vulnerabilities
A URL validation vulnerability in macOS and Safari allows web content opened via file URLs to bypass Lockdown Mode restrictions and access Web APIs that should be blocked. This affects macOS users wit...
This vulnerability in Apple's Safari browser and related operating systems allows processing malicious web content to cause unexpected process crashes. It affects users of Safari, iOS, iPadOS, tvOS, w...
This vulnerability allows malicious websites to bypass the Same Origin Policy in Apple's Safari browser and related WebKit-based browsers. This could enable cross-site data theft or session hijacking....
This vulnerability in Apple's Safari browser and related operating systems allows attackers to misrepresent a download's origin, potentially tricking users into executing malicious files. It affects S...
This critical vulnerability allows malicious web content to break out of the Web Content sandbox via an out-of-bounds write issue, potentially enabling arbitrary code execution. It affects Apple devic...
This CVE describes an authentication bypass vulnerability in Apple's Private Browsing feature across multiple platforms. Attackers could access Private Browsing tabs without proper authentication, pot...
This is a critical memory corruption vulnerability in Apple's WebKit browser engine that affects multiple Apple operating systems and Safari. Processing malicious web content could allow attackers to ...
This vulnerability allows users to bypass web content restrictions through improper URL protocol handling in Apple operating systems and Safari. It affects users running vulnerable versions of tvOS, v...
This is a use-after-free vulnerability in ANGLE (Almost Native Graphics Layer Engine) component of Google Chrome. It allows remote attackers to potentially exploit heap corruption via crafted HTML pag...
This is a critical use-after-free vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It affects all Apple devices running outdat...
This vulnerability allows a remote attacker to cause unexpected app termination or execute arbitrary code on affected Apple devices. It affects macOS, iOS, iPadOS, tvOS, and Safari users who haven't u...
This is a critical use-after-free memory corruption vulnerability in Apple's iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud for Windows. A remote attacker could exploit this to crash applicati...
This CVE describes a memory handling vulnerability in Apple operating systems and Safari that could allow a remote attacker to cause denial-of-service. The issue affects macOS, iOS, iPadOS, visionOS, ...
This CVE describes a path handling vulnerability (CWE-22) in multiple Apple operating systems and Safari that allows a remote attacker to write arbitrary files to affected systems. The vulnerability a...
A use-after-free vulnerability in Apple's WebKit browser engine allows processing malicious web content to execute arbitrary code. This affects multiple Apple operating systems and Safari browser vers...
This vulnerability allows remote attackers to perform out-of-bounds memory access in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome on macOS. Attackers can exploit this by tricking users...
A use-after-free vulnerability in Apple's WebKit browser engine allows memory corruption when processing malicious web content. This affects users of macOS, iOS, iPadOS, and Safari who visit compromis...
This CVE describes a privacy bypass vulnerability in Apple operating systems where applications can circumvent certain privacy preferences, potentially accessing sensitive data they shouldn't. It affe...
This vulnerability allows sandboxed applications on Apple operating systems to observe system-wide network connections, potentially exposing sensitive network traffic information. It affects multiple ...
This vulnerability allows remote attackers to view leaked DNS queries when Apple's Private Relay feature is enabled. It affects users of Safari, iOS, iPadOS, tvOS, watchOS, and visionOS with Private R...
This vulnerability in Apple's WebKit browser engine allows malicious web content to bypass security controls and access sensitive user information. It affects Safari and all Apple operating systems th...
This memory corruption vulnerability in Apple's WebKit browser engine allows attackers to execute arbitrary code by tricking users into visiting malicious websites. It affects Safari and all Apple ope...
This is a memory corruption vulnerability in Apple's WebKit browser engine affecting multiple Apple operating systems. Processing malicious web content could allow attackers to execute arbitrary code ...
This vulnerability in Google Chrome's ANGLE and GPU components allows insufficient input validation, enabling a remote attacker to potentially escape the browser sandbox via a malicious HTML page. All...
This memory corruption vulnerability in Apple's WebKit browser engine allows attackers to execute arbitrary code by tricking users into visiting malicious websites. It affects Safari and all Apple ope...
This memory corruption vulnerability in Apple's WebKit browser engine allows attackers to execute arbitrary code by tricking users into visiting malicious websites. It affects all Apple devices runnin...
This is a memory corruption vulnerability in Apple's WebKit browser engine affecting multiple Apple operating systems and Safari. Processing malicious web content could allow attackers to execute arbi...
This is a cross-site request forgery (CSRF) vulnerability in Apple's WebKit browser engine that could allow memory corruption when processing malicious web content. It affects users of Apple devices a...
This CVE describes a use-after-free vulnerability in Apple's WebKit browser engine that could allow arbitrary code execution when processing malicious web content. It affects multiple Apple operating ...
This vulnerability allows malicious applications to bypass permission checks and gain unauthorized access to the local network on Apple devices. It affects Safari browsers and Apple operating systems ...
A type confusion vulnerability in Apple's WebKit browser engine could allow memory corruption when processing floating-point numbers. This affects users of Apple devices running vulnerable versions of...
This CVE describes a buffer overflow vulnerability in Apple's web content processing components. Attackers can cause unexpected process crashes by tricking users into visiting malicious websites. Affe...
This memory handling vulnerability in Apple's web content processing allows attackers to cause denial-of-service conditions. It affects users of Apple devices and software that process web content, in...
This vulnerability allows malicious applications to bypass browser extension authentication in Safari by exploiting a logging issue that exposes sensitive data. It affects macOS users running vulnerab...
This vulnerability allows command injection when copying URLs from Web Inspector in affected Apple products. Attackers could execute arbitrary commands on the system by tricking users into copying mal...
This vulnerability allows processing a malicious file to cause unexpected app termination or arbitrary code execution on affected Apple devices. It affects macOS, iOS, iPadOS, Safari, watchOS, tvOS, a...
This CVE describes a type confusion vulnerability in Apple's WebKit browser engine that could allow memory corruption when processing malicious web content. Attackers could exploit this to execute arb...
This vulnerability in Apple's WebKit browser engine allows processing malicious web content to cause unexpected process crashes. It affects users of Safari browser and Apple operating systems includin...
This vulnerability allows an attacker to exploit a trust relationship to download malicious content onto Apple devices. It affects iOS, iPadOS, visionOS, macOS, and Safari users running vulnerable ver...
This CVE describes an integer overflow vulnerability in Apple's WebKit browser engine that could allow arbitrary code execution when processing malicious web content. It affects multiple Apple operati...
This is a memory corruption vulnerability in Apple's WebKit browser engine, allowing arbitrary code execution when processing malicious web content. It affects multiple Apple operating systems and Saf...
This memory handling vulnerability in Apple's WebKit browser engine allows processing malicious web content to execute arbitrary code on affected devices. It affects users of Apple's operating systems...
This memory handling vulnerability in Apple's WebKit browser engine allows processing malicious web content to execute arbitrary code on affected devices. It affects users of Apple's operating systems...
This memory handling vulnerability in Apple's WebKit browser engine allows processing malicious web content to execute arbitrary code on affected devices. It affects macOS, iOS, iPadOS, tvOS, Safari, ...
This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It affects iOS, iPadOS, macOS, and Safari users r...
This is a logic vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting sp...
This CVE describes a use-after-free vulnerability in Apple's web content processing components that could allow arbitrary code execution when visiting malicious websites. It affects multiple Apple ope...
This vulnerability allows arbitrary code execution when processing malicious web content in Apple's WebKit browser engine. It affects users of Safari and Apple operating systems before the 2023 update...
This vulnerability in Safari's iframe sandbox enforcement allows attackers with JavaScript execution to bypass security restrictions and execute arbitrary code. It affects Safari users on macOS and iO...
This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. Attackers can exploit this by tricking users into...
This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It affects iOS, iPadOS, tvOS, macOS, Safari, and ...
This vulnerability allows arbitrary code execution when processing malicious web content. It affects Apple devices running vulnerable versions of iOS, iPadOS, tvOS, macOS, Safari, and watchOS. Attacke...
This vulnerability allows malicious websites to track users through Safari web extensions due to improper state management. It affects users of Apple's Safari browser across multiple Apple operating s...
This memory handling vulnerability in Apple's WebKit browser engine allows processing malicious web content to cause unexpected process crashes. It affects users of macOS, iOS, iPadOS, visionOS, and S...
This CVE describes a memory handling vulnerability in Apple's WebKit browser engine that affects multiple Apple operating systems and Safari. Processing malicious web content could cause unexpected pr...
This memory handling vulnerability in Apple's WebKit browser engine allows processing malicious web content to cause unexpected process crashes. It affects users of iOS, iPadOS, Safari, macOS, and vis...
This CVE describes a memory management vulnerability in Apple's WebKit browser engine that could cause unexpected process crashes when processing malicious web content. It affects multiple Apple opera...
This CVE describes a macOS and Safari vulnerability where insufficient permission checks could allow an application to access sensitive user data. The issue affects macOS Tahoe and Safari versions bef...
This CVE describes a memory handling vulnerability in Apple's Safari browser and related operating systems. Processing malicious web content could cause an unexpected process crash (denial of service)...
A use-after-free vulnerability in Apple's web content processing allows attackers to cause unexpected process crashes by tricking users into visiting malicious websites. This affects macOS, iOS, iPadO...
A type confusion vulnerability in Apple's Safari browser and related operating systems could cause unexpected crashes when processing malicious web content. This affects users running vulnerable versi...
A buffer overflow vulnerability in Apple's Safari browser and related operating systems allows attackers to cause unexpected process crashes by tricking users into visiting malicious websites. This af...
This CVE describes a user interface spoofing vulnerability in Apple operating systems and Safari browser. Visiting a malicious website could allow attackers to present fake interface elements, potenti...
This CVE describes an address bar spoofing vulnerability in Apple web browsers. Visiting a malicious website could allow attackers to display a fake URL in the address bar, tricking users into thinkin...
This vulnerability allows malicious websites to bypass same-origin policy protections and exfiltrate image data from other websites. It affects users of Apple's Safari browser and operating systems wi...
A use-after-free vulnerability in Apple Safari, iOS, and iPadOS allows processing malicious web content to cause unexpected crashes. This affects users running vulnerable versions of these Apple produ...
This vulnerability allows malicious websites to access device sensor data (like motion, orientation, or environmental sensors) without obtaining user permission. It affects Apple devices running vulne...
This Safari vulnerability allows malicious websites to spoof the address bar, making users believe they're on a legitimate site when they're actually on an attacker-controlled page. It affects Safari ...
This Safari/iOS/iPadOS vulnerability allows malicious web content to trigger unexpected URL redirections due to improper URL validation. It affects users of Apple's Safari browser and iOS/iPadOS devic...
This vulnerability allows attackers to execute universal cross-site scripting (XSS) attacks by processing malicious web content. It affects macOS and Safari users who haven't updated to patched versio...
This CVE describes a logic flaw in macOS and Safari where a download's origin may be incorrectly associated, potentially allowing malicious downloads to appear legitimate. It affects macOS users befor...
A memory handling vulnerability in Apple WebKit (CWE-119) allows malicious web content to cause Safari to crash unexpectedly. This affects users of Safari and Apple operating systems before the patche...
This CVE describes a memory handling vulnerability in Apple's Safari browser and related WebKit components across multiple Apple operating systems. Processing malicious web content could cause Safari ...
A use-after-free vulnerability in Apple's Safari browser and related WebKit components allows attackers to cause unexpected crashes by processing malicious web content. This affects users of Safari on...
This CVE describes a logic flaw in Safari that could be exploited by malicious web content to cause unexpected crashes. The vulnerability affects Safari users on macOS, potentially leading to denial o...
This CVE describes a memory handling vulnerability in Apple's WebKit browser engine that could cause Safari to crash when processing malicious web content. It affects multiple Apple operating systems ...
This vulnerability allows malicious web content to cause unexpected process crashes in Apple's Safari browser and operating systems. It affects users running outdated versions of watchOS, tvOS, iPadOS...
A type confusion vulnerability in Apple's Safari browser and related operating systems could cause unexpected crashes when processing malicious web content. This affects users of Safari 18.5 and earli...
This CVE describes a memory handling vulnerability in Apple's Safari browser and related operating systems. Processing malicious web content could cause Safari to crash unexpectedly. Users of affected...
A script imports isolation vulnerability in Apple WebKit allows malicious websites to bypass security boundaries and access sensitive data from other websites or browser sessions. This affects users o...
This vulnerability allows malicious web content to cause unexpected process crashes in Apple's WebKit browser engine. It affects users of Safari and Apple operating systems with vulnerable versions. T...
This vulnerability is an out-of-bounds read (CWE-125) in Apple's WebKit browser engine that could cause unexpected process crashes when processing malicious web content. It affects multiple Apple oper...
A logic vulnerability in Apple's iOS, iPadOS, Safari, and macOS allows malicious applications to access a user's Safari browsing history without proper authorization. This affects users running outdat...
This CVE describes a race condition vulnerability in Apple's web content processing that could allow an attacker to cause unexpected process crashes. It affects multiple Apple operating systems and Sa...