CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

507 matches found

Snyk•added 2026/05/29 5:51 p.m.•7 views

Improper Control of Dynamically-Managed Code Resources

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources through the WebAssembly.promising and WebAssembly.Suspending JSPI APIs in...

10CVSS6AI score0.00507EPSS

Exploits0References2

RedhatCVE•added 2026/05/14 7:58 p.m.•7 views

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.00357EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:1 p.m.•8 views

CVE-2018-19446

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution...

7.8CVSS7.5AI score0.02208EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:59 a.m.•8 views

CVE-2018-19449

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution...

7.8CVSS7.5AI score0.02329EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:58 a.m.•9 views

CVE-2018-19445

A command injection can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution...

7.8CVSS8AI score0.02642EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:32 a.m.•14 views

CVE-2024-39772

Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

5.3CVSS6.7AI score0.00312EPSS

Exploits0References1