Google Security Research

1,215 exploits Active since May 2013
CVE-2017-6980 EXPLOITDB HIGH html WORKING POC
Apple <10.3.2, <10.1.1, <10.2.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
EIP-2026-103714 EXPLOITDB text WORKING POC
WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free
CVE-2018-4441 EXPLOITDB HIGH javascript WORKING POC
Apple Safari < 12.0.2 - Memory Corruption
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVSS 8.8
CVE-2017-7064 EXPLOITDB MEDIUM html WORKING POC
Apple <10.3.3, <10.1.2, <6.2.2, <12.6.2 - Info Disclosure
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVSS 5.5
CVE-2017-6984 EXPLOITDB HIGH html WORKING POC
Apple <10.3.2, <10.1.1, <12.6.1 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
CVE-2017-7018 EXPLOITDB HIGH html WORKING POC
Apple Products <10.3.3, <10.1.2, <6.2.2, <12.6.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
CVE-2017-7117 EXPLOITDB HIGH html WORKING POC
Apple Products <11 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
CVE-2017-7061 EXPLOITDB HIGH text WORKING POC
Apple <10.3.3, <10.1.2, <6.2.2, <12.6.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
EIP-2026-103713 EXPLOITDB html WORKING POC
WebKit JSC - 'arrayProtoFuncSplice' Uninitialized Memory Reference
CVE-2017-7056 EXPLOITDB HIGH html WORKING POC
Apple <10.3.3, <10.1.2, <6.2.2, <12.6.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
CVE-2018-4443 EXPLOITDB HIGH html WORKING POC
Apple Safari < 12.0.2 - Memory Corruption
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVSS 8.8
CVE-2018-4438 EXPLOITDB HIGH html WORKING POC
Apple Safari < 12.0.2 - Memory Corruption
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVSS 8.8
CVE-2018-4382 EXPLOITDB HIGH javascript WORKING POC
Apple Safari < 12.0.1 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
CVSS 8.8
CVE-2019-8518 EXPLOITDB HIGH javascript WORKING POC
Apple Icloud < 7.11 - Out-of-Bounds Write
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2019-8558 EXPLOITDB HIGH javascript WORKING POC
Apple Icloud < 7.11 - Out-of-Bounds Write
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2019-8506 EXPLOITDB HIGH javascript WORKING POC
Apple Icloud < 7.11 - Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2018-4121 EXPLOITDB HIGH text WORKING POC
Apple Safari < 11.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
CVE-2018-4222 EXPLOITDB HIGH html WORKING POC
Apple Safari < 11.1.1 - Out-of-Bounds Read
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.
CVSS 8.8
CVE-2019-8690 EXPLOITDB MEDIUM text WORKING POC
Apple Icloud < 7.13 - XSS
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
CVSS 6.1
EIP-2026-103711 EXPLOITDB text WORKING POC
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
EIP-2026-103710 EXPLOITDB html WORKING POC
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
CVE-2018-4218 EXPLOITDB HIGH html WORKING POC
Apple Safari < 11.1.1 - Use After Free
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.
CVSS 8.8
EIP-2026-103709 EXPLOITDB text WRITEUP
WebKit - Universal XSS Using Cached Pages
EIP-2026-103708 EXPLOITDB html WORKING POC
WebKit - Universal XSS in WebCore::command
EIP-2026-103707 EXPLOITDB text WORKING POC
WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive