CVE Tools

facebook

CommunicationsUScommercial

118

Cumulative CVEs

24

Monthly snapshots

#25

Peak rank

Top products

react4 proxygen1

Latest CVEs

The 15 most recently published vulnerabilities affecting facebook.

CVE-2026-49059WordPress Facebook for WooCommerce plugin <= 3.7.0 - Open Redirection vulnerability4.7May 27, 2026
CVE-2026-23866Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to tri...4.3May 1, 2026
CVE-2026-23863An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the...6.5May 1, 2026
CVE-2026-23864Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vu...7.5Jan 26, 2026
CVE-2025-67779It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19...7.5Dec 11, 2025
CVE-2025-55184A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-ser...7.5Dec 11, 2025
CVE-2025-55183An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: r...5.3Dec 11, 2025
CVE-2025-55182A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, rea...KEV10.0Dec 3, 2025
CVE-2025-55181Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends d...5.3Dec 2, 2025
CVE-2025-55179Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigge...5.4Nov 18, 2025
CVE-2025-64296WordPress Facebook for WooCommerce plugin <= 3.5.7 - Broken Access Control to Notice Dismissal vulnerability5.3Oct 29, 2025
CVE-2025-55177Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allow...KEV5.4Aug 29, 2025
CVE-2025-30403A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00.8.1Jul 11, 2025
CVE-2025-30401A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename exte...6.7Apr 5, 2025
CVE-2025-27591A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged use...6.8Mar 11, 2025