Every CVE whose affected-product data names Gnome Epiphany, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2019-6251 — CVSS 8.1 (high): WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker…
CVE-2023-26081 — CVSS 7.5 (high): In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in…
CVE-2017-1000025 — CVSS 7.5 (high): GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to…
CVE-2018-11396 — CVSS 7.5 (high): ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service…
CVE-2018-12016 — CVSS 7.5 (high): libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via…
CVE-2022-29536 — CVSS 7.5 (high): In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI…
CVE-2008-5985 — CVSS 6.9 (medium): Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute…
CVE-2021-45085 — CVSS 6.1 (medium): XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when…
CVE-2021-45086 — CVSS 6.1 (medium): XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name…
CVE-2021-45087 — CVSS 6.1 (medium): XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by…
CVE-2010-3312 — CVSS 5.8 (medium): Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https…
CVE-2005-0238 — CVSS 5.0 (medium): The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names…