Aggregates CVE and security vulnerability intelligence across all uzbl-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling; exposure may include vendor impact file overwrite in vendor surface software deployment and vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-0843 | uzbl: Information disclosure via world-readable cookies storage file | [email protected] | 5.5 | 0.43% | 2019-11-19 | 2026-06-16 |
| CVE-2010-2809 | The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. | [email protected] | 6.8 | 7.37% | 2010-08-19 | 2026-06-16 |
| CVE-2010-0011 | The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code. | [email protected] | 7.5 | 2.14% | 2010-02-25 | 2026-06-16 |