Vulnerabilities in Facebook

141 results
CVE-2023-49062
Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too
EPSS 0.6%

CVE-2026-23863 MEDIUM
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents w
EPSS 0.5%

CVE-2022-36937 CRITICAL
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerou
EPSS 0.5%

CVE-2018-6336 HIGH
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing
EPSS 0.5%

CVE-2026-23866 MEDIUM
Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android
EPSS 0.5%

CVE-2024-45773 HIGH
A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution
EPSS 0.5%

CVE-2021-24031
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matchin
EPSS 0.4%

CVE-2020-1885
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users t
EPSS 0.4%

CVE-2021-24032
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output file
EPSS 0.3%

CVE-2020-36838 HIGH
Facebook Chat Plugin <= 1.5 - Missing Capabilities Check
EPSS 0.3%

CVE-2024-45863 MEDIUM
A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially r
EPSS 0.3%

CVE-2020-1906
A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-o
EPSS 0.3%

CVE-2025-30403 HIGH
A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst ve
EPSS 0.3%

CVE-2020-1908
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of S
EPSS 0.3%

CVE-2025-55181 MEDIUM
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which bl
EPSS 0.3%

CVE-2023-38537 MEDIUM
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls
EPSS 0.2%

CVE-2026-49059 MEDIUM
WordPress Facebook for WooCommerce plugin <= 3.7.0 - Open Redirection vulnerability
EPSS 0.2%

CVE-2021-24038
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged p
EPSS 0.2%

CVE-2023-38538 MEDIUM
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app t
EPSS 0.2%

CVE-2025-64296 MEDIUM
WordPress Facebook for WooCommerce plugin <= 3.5.7 - Broken Access Control to Notice Dismissal vulnerability
EPSS 0.2%