Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Veracode
Veracodeadded 2024/05/08 4:43 a.m.304 views

Remote Code Execution (RCE)

pdfjs-dist is vulnerable to Remote Code Execution RCE. The vulnerability is due to the default setting isEvalSupported set to true, which allows unrestricted execution of attacker-controlled JavaScript within the hosting domain context...

8.8CVSS7.8AI score0.40321EPSS
Exploits14References14Affected Software5
Vulnrichment
Vulnrichmentadded 2024/05/07 2:29 p.m.29 views

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

7.1CVSS6.7AI score0.04889EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2024/05/07 12:0 a.m.3 views

PT-2024-25799

Name of the Vulnerable Software and Affected Versions react-pdf versions prior to 7.7.3 react-pdf versions prior to 8.0.2 Description The issue arises when PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true, which is the default value. This...

8.8CVSS8.3AI score0.40321EPSS
Exploits14References38
Rows per page
Query Builder