6 matches found
CVE-2026-13129
When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...
EUVD-2026-42182
When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...
CVE-2026-13129
CVE-2026-13129 affects Foxit PDF Editor/Reader (Annotation feature). The issue is a use-after-free in the handling of the PDF form field tree triggered by JavaScript during field traversal, which can leave the program with an invalid form object and lead to a crash, with potential remote code exe...
PT-2026-50147
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.12 Description When running in BYONM mode nodeModulesDir: "manual", the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...
CVE-2026-44635
Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled input flows into eb.refcol, '-$'.keyinput or .atinput — including type-safe code where the JSON column ...
Vulnerability in the "My Orders" section of the Eastern Presentation Society App
East Presentation Club APP is a convenient hotel booking platform. An override access vulnerability exists in the "My Order" section of Dongcheng Club APP. An attacker can traverse the key fields to obtain sensitive information of other users through packet capture...