CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

NVD•added 2026/04/06 4:16 p.m.•1 views

CVE-2026-34208

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...

10CVSS0.00561EPSS

Exploits1References1

Snyk•added 2026/04/03 9:44 p.m.•0 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview @nyariv/sandboxjs is a Javascript sandboxing library. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the constructor process. An attacker can modify host global objects and persist these changes...

10CVSS6.3AI score0.00561EPSS

Exploits1References3

CNNVD•added 2026/01/29 12:0 a.m.•4 views

deepHas security vulnerabilities

deepHas is a software library developed by Paul Ryan. Version 1.0.7 of deepHas contains a security vulnerability, which stems from prototype pollution and could allow attackers to modify the behavior of global objects...

9.4CVSS5.8AI score0.00717EPSS

Exploits4References4

Snyk•added 2025/11/13 8:43 p.m.•3 views

Cross-site Scripting (XSS)

Overview vega is a library that implements Vega visualization grammar. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

8.1CVSS5.5AI score0.00334EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2007-2405

Malware in sbrugna...

4.3CVSS6.4AI score0.01263EPSS

Exploits1References8

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-50304

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00418EPSS

Exploits0References2

Microsoft CVE•added 2025/09/03 10:4 p.m.•5 views

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.

...

8.8CVSS7AI score0.00557EPSS

Exploits0

RedhatCVE•added 2025/05/23 12:26 a.m.•4 views

CVE-2022-47543

An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects...

5.3CVSS7AI score0.00418EPSS

Exploits0

Vulnrichment•added 2023/06/02 12:0 a.m.•9 views

CVE-2023-25731

6AI score0.00557EPSS

Exploits0References2

Cvelist•added 2023/06/02 12:0 a.m.•20 views

CVE-2023-25731

8.7AI score0.00557EPSS

Exploits0References2

CVE•added 2023/06/02 12:0 a.m.•177 views

CVE-2023-25731

CVE-2023-25731 affects Mozilla Firefox prior to 110, where URL previews in the network panel’s developer tools could allow query parameters to overwrite global objects in privileged code. The issue is confirmed by multiple sources stating Firefox

8.8CVSS7.8AI score0.00557EPSS

Exploits0References2Affected Software1

Debian CVE•added 2023/06/02 12:0 a.m.•25 views

CVE-2023-25731

8.8CVSS8.7AI score0.00557EPSS

Exploits0

SUSE CVE•added 2023/03/07 3:13 a.m.•2 views

SUSE CVE-2023-25731

8.8CVSS8.4AI score0.00557EPSS

Exploits0References4

Veracode•added 2023/02/25 8:48 p.m.•18 views

Prototype Pollution

firefox is vulnerable to Prototype Pollution. The vulnerability exists due to the URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code...

8.8CVSS4.9AI score0.00557EPSS

Exploits0References3Affected Software3

OSV•added 2023/02/15 12:0 a.m.•1 views

UBUNTU-CVE-2023-25731

8.8CVSS7.1AI score0.00557EPSS

Exploits0References4

UbuntuCve•added 2023/02/15 12:0 a.m.•25 views

CVE-2023-25731

8.8CVSS7.1AI score0.00557EPSS

Exploits0References3

NVD•added 2023/01/05 9:15 p.m.•19 views

CVE-2022-47543

An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects...

5.3CVSS5.4AI score0.00418EPSS

Exploits0References2

OSV•added 2023/01/05 9:15 p.m.•1 views

CVE-2022-47543

An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects...

5.3CVSS5.8AI score0.00418EPSS

Exploits0References2

Prion•added 2023/01/05 9:15 p.m.•18 views

Design/Logic Flaw

An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects...

5CVSS5.4AI score0.00418EPSS

Exploits0References2Affected Software1

CVE•added 2023/01/05 12:0 a.m.•55 views

CVE-2022-47543

Siren Investigate contains a CVE-2022-47543 ACL bypass on global objects for versions before 12.1.7. Affected software: Siren Investigate (pre-12.1.7). Root cause: improper access control on global objects. Impact: limited integrity, potential exposure of global object access (as per CVSS 3.1 met...

5.3CVSS5.4AI score0.00418EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by