CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2024/04/30 2:38 p.m.•61 views

CVE-2024-25648

Foxit Reader 2024.1.0.23997 is affected by a use-after-free in the ComboBox handling that can be triggered when processing JavaScript in a malicious PDF or when visiting a crafted site with the browser plugin enabled. Talos provides concrete details on the vulnerable path: a ComboBox object is fr...

8.8CVSS7.1AI score0.02641EPSS

Exploits1References2Affected Software2

Vulnrichment•added 2024/04/30 2:38 p.m.•12 views

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...

8.8CVSS8.9AI score0.02641EPSS

Cvelist•added 2024/04/30 2:38 p.m.•16 views

CVE-2024-25575

8.8CVSS9.1AI score0.03545EPSS

CVE•added 2024/04/30 2:38 p.m.•76 views

CVE-2024-25575

Foxit Reader CVE-2024-25575 is a type-confusion vulnerability in the Lock object’s fields handling. Talos documents a type-confusion in Foxit Reader 2024.1.0.23997 that can cause memory corruption and arbitrary code execution via JavaScript in malicious PDFs or a crafted site when the browser plu...

8.8CVSS7.1AI score0.03545EPSS

Exploits1References2Affected Software2

Cvelist•added 2024/04/30 2:38 p.m.•18 views

CVE-2024-25648

8.8CVSS9.1AI score0.02641EPSS

CNNVD•added 2024/04/30 12:0 a.m.•1 views

CSS Exfil Protection 安全漏洞

CSS Exfil Protection is a browser plugin from the individual developer Mike Gualtieri. A security vulnerability exists in CSS Exfil Protection version v.1.1.0, which originated from a vulnerability that allows remote attackers to obtain sensitive information via the content.js and parseCSSRules...

7.5CVSS6.5AI score0.00351EPSS

Exploits1References3

Positive Technologies•added 2024/04/01 12:0 a.m.•2 views

PT-2024-3606 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.1.0.23997 Description: A type confusion vulnerability exists in the way Foxit Reader handles a Lock object. This can be triggered by a specially crafted Javascript code inside a malicious PDF document, leading to...

10CVSS8.2AI score0.03545EPSS

Exploits1References12

Vulnrichment•added 2024/02/20 5:35 p.m.•11 views

CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

7.8CVSS6.6AI score0.00185EPSS

Exploits0References1

NVD•added 2023/11/27 4:15 p.m.•14 views

CVE-2023-41257

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

8.8CVSS0.00012EPSS

Exploits0References2

OSV•added 2023/11/27 4:15 p.m.•1 views

CVE-2023-39542

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerabilit...

8.8CVSS6.5AI score0.00213EPSS

NVD•added 2023/11/27 4:15 p.m.•13 views

CVE-2023-38573

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS0.00016EPSS

OSV•added 2023/11/27 4:15 p.m.•1 views

CVE-2023-38573

8.8CVSS6AI score0.00016EPSS

NVD•added 2023/11/27 4:15 p.m.•15 views

CVE-2023-39542

8.8CVSS0.00213EPSS

NVD•added 2023/11/27 4:15 p.m.•16 views

CVE-2023-32616

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS0.0002EPSS

OSV•added 2023/11/27 4:15 p.m.•3 views

CVE-2023-32616

8.8CVSS6AI score

Exploits0References2

Prion•added 2023/11/27 4:15 p.m.•21 views

Design/Logic Flaw

6.8CVSS7.7AI score0.0002EPSS

Prion•added 2023/11/27 4:15 p.m.•22 views

Design/Logic Flaw

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. ...

6.8CVSS7.4AI score0.00321EPSS

Prion•added 2023/11/27 4:15 p.m.•22 views

Design/Logic Flaw

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...

6.8CVSS7.4AI score0.00022EPSS

Prion•added 2023/11/27 4:15 p.m.•32 views

Remote code execution

6.8CVSS8AI score0.00213EPSS