A new AI-powered framework dubbed “AkiraBot” has successfully spammed 80,000 websites since September 2024
Operation Endgame Continues with Smokeloader Customer Arrests
Police have made more arrests in the ongoing Operation Endgame, cracking down on malware customers
ZDI-CAN-26569: Siemens
A CVSS score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on 2025-04-10, 0 days ago. The vendor is given until 2025-08-08 to publish a fix or workaround. Once the vendor has created and tested a patch, we will coordinate the release of a public advisory.
DSA-5899-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-54551
ajajfxhj discovered that processing web content may lead to a
denial-of-service.
CVE-2025-24208
Muhammad Zaid Ghifari and Kalimantan Utara discovered that loading
a malicious iframe may lead to a cross-site scripting attack.
CVE-2025-24209
Francisco Alonso and an anonymous researcher discovered that
processing maliciously crafted web content may lead to an
unexpected process crash.
CVE-2025-24213
The Google V8 Security Team discovered that a type confusion issue
could lead to memory corruption. Note that this CVE is fixed only
on ARM architectures. x86_64 is not vulnerable, and x86 is not
vulnerable when the SSE2 instruction set is enabled, but other
architectures remain vulnerable.
CVE-2025-24216
Paul Bakker discovered that processing maliciously crafted web
content may lead to an unexpected Safari crash.
CVE-2025-24264
Gary Kwong and an anonymous researcher discovered that processing
maliciously crafted web content may lead to an unexpected crash.
CVE-2025-30427
rheza discovered that processing maliciously crafted web content
may lead to an unexpected crash.
FreeBSD-EN-25:04.tzdata
FreeBSD-EN-25:05.expat
FreeBSD-EN-25:06.daemon
FreeBSD-EN-25:07.openssl
FreeBSD-EN-25:08.caroot
USN-7430-1: Dino vulnerability
Kim Alvefur discovered that Dino did not correctly sanitize certain
messages. A remote attacker could possibly use this issue to leak
sensitive information.