CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

480 matches found

Improper Control of Dynamically-Managed Code Resources

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources through the WebAssembly.promising and WebAssembly.Suspending JSPI APIs in...

10CVSS6AI score

Exploits0References2

RedhatCVE•added 2026/05/14 7:58 p.m.•5 views

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.00041EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:1 p.m.•5 views

CVE-2018-19446

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution...

7.8CVSS7.5AI score0.00343EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:59 a.m.•5 views

CVE-2018-19449

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution...

7.8CVSS7.5AI score0.00312EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:58 a.m.•6 views

CVE-2018-19445

A command injection can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution...

7.8CVSS8AI score0.00922EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:32 a.m.•3 views

CVE-2024-39772

Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

5.3CVSS6.7AI score0.00356EPSS

Exploits0References1