CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5911 matches found

OSV•added 2024/05/30 12:13 p.m.•10 views

SUSE-SU-2024:1858-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to version 115.11 bsc1224056: - CVE-2024-4367: Arbitrary JavaScript execution in PDF.js - CVE-2024-4767: IndexedDB files retained in private browsing mode - CVE-2024-4768: Potential permissions request bypass via clickjacking -...

8.8CVSS7.8AI score0.40321EPSS

Exploits17References8

CNNVD•added 2024/05/30 12:0 a.m.•3 views

Yii Security Vulnerabilities

Yii is a component-based, high-performance PHP framework for developing large-scale web applications developed by the YII team. A security vulnerability exists in Yii 2 version 2.0.49.3 that originates from a specially crafted link that allows an attacker to execute arbitrary JavaScript code in t...

4.7CVSS7.3AI score0.03985EPSS

Exploits0References3

Debian CVE•added 2024/05/28 4:5 p.m.•126 views

CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

6.5CVSS6.5AI score0.00184EPSS

Exploits0

Tenable Nessus•added 2024/05/27 12:0 a.m.•26 views

MantisBT < 2.26.2 Multiple Vulnerabilities

According to its version number, the MantisBT application hosted on the remote web server is prior to 2.26.2. It is, therefore, affected by the following vulnerabilities : - Insufficient access control in the registration and password reset process allows an attacker to reset another user's...

7.3CVSS6.7AI score0.003EPSS

Exploits1References6

OSV•added 2024/05/24 2:45 p.m.•1 views

GHSA-3965-HPX2-Q597 Pug allows JavaScript code execution if an application accepts untrusted input

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

6.8CVSS7.1AI score0.00363EPSS

Exploits0References10

OSV•added 2024/05/24 6:15 a.m.•1 views

CVE-2024-36361

6.8CVSS6.8AI score

Exploits0References2

CVE•added 2024/05/24 6:4 a.m.•114 views

CVE-2024-36361

CVE-2024-36361 affects the Pug library up to version 3.0.2 . It allows JavaScript code execution when an application passes untrusted input to the name option of the functions that compile templates to JavaScript (compileClient, compileFileClient, compileClientWithDependenciesTracked). The descri...

6.8CVSS7.2AI score0.00363EPSS

Exploits0References2

Cvelist•added 2024/05/24 6:4 a.m.•14 views

CVE-2024-36361

7AI score0.00363EPSS

Exploits0References2

OSV•added 2024/05/23 2:39 p.m.•3 views

SUSE-SU-2024:1770-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to version 115.11.0 ESR bsc1224056: - CVE-2024-4367: Arbitrary JavaScript execution in PDF.js - CVE-2024-4767: IndexedDB files retained in private browsing mode - CVE-2024-4768: Potential permissions request bypass via clickjacking...

9.8CVSS7.9AI score0.40321EPSS

Exploits19References18

RedHat Linux•added 2024/05/23 12:9 p.m.•2 views

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

8.8CVSS7.5AI score0.40321EPSS

Exploits14References6

OpenVAS•added 2024/05/22 12:0 a.m.•23 views

Mageia: Security Advisory (MGASA-2024-0191)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.40321EPSS

Exploits17References5

OpenVAS•added 2024/05/22 12:0 a.m.•29 views

Mageia: Security Advisory (MGASA-2024-0189)

8.8CVSS7.5AI score0.40321EPSS

Exploits17References6

Mageia•added 2024/05/21 11:38 p.m.•49 views

Updated thunderbird packages fix security vulnerabilities

Arbitrary JavaScript execution in PDF.js. CVE-2024-4367 IndexedDB files retained in private browsing mode. CVE-2024-4767 Potential permissions request bypass via clickjacking. CVE-2024-4768 Cross-origin responses could be distinguished between script and non-script content-types. CVE-2024-4769...

8.8CVSS8AI score0.40321EPSS

Exploits17References3

Mageia•added 2024/05/21 11:17 p.m.•50 views

Updated nss & firefox packages fix security vulnerabilities

8.8CVSS8AI score0.40321EPSS

Exploits17References4

OSV•added 2024/05/21 11:17 p.m.•10 views

MGASA-2024-0189 Updated nss & firefox packages fix security vulnerabilities

8.8CVSS9.4AI score0.40321EPSS

Exploits17References5

The Hacker News•added 2024/05/21 10:22 a.m.•34 views

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

A critical security flaw has been disclosed in the llamacpppython Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 CVSS score: 9.7, the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If...

9.6CVSS8.9AI score0.62306EPSS

Exploits15

Tenable Nessus•added 2024/05/21 12:0 a.m.•30 views

AlmaLinux 9 : firefox (ALSA-2024:2883)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2883 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affec...

8.8CVSS8.2AI score0.40321EPSS

Exploits17References7