CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 137.0.7151.68 Microsoft Edge versions prior to 137.0.7151.68 Opera versions prior to 119.0.5497.70 Opera GX versions prior to 119.0.5497.68 Chromium versions prior to 137.0.7151.68 Description Google Chrome,...

10CVSS7.7AI score0.03827EPSS

Exploits3References203

SUSE CVE•added 2025/04/02 1:29 p.m.•1 views

SUSE CVE-2025-3028

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9...

6.5CVSS7AI score0.00127EPSS

Exploits1References14

FreeBSD•added 2025/04/01 12:0 a.m.•9 views

Mozilla -- use-after-free error

[email protected] reports: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...

6.5CVSS7.4AI score0.00127EPSS

Exploits1References1

SUSE CVE•added 2023/02/15 4:16 a.m.•1 views

SUSE CVE-2019-5847

Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.5CVSS6.7AI score0.00396EPSS

Exploits0References4

CNNVD•added 2021/07/14 12:0 a.m.•1 views

is-email 资源管理错误漏洞

is-email is an application used to validate email addresses. Segment is-email is vulnerable due to a ReDoS regular expression denial of service flaw discovered in Node.js prior to Segment is-email package 1.0.1. An attacker could exploit this flaw to cause the application to consume excessive CPU...

7.5CVSS5.6AI score0.00468EPSS

Exploits0References2

OSV•added 2020/02/11 3:15 p.m.•5 views

CVE-2020-6415

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.6AI score

Exploits0References9

OSV•added 2019/12/10 10:15 p.m.•6 views

CVE-2019-13730

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.6AI score

Exploits0References10

OSV•added 2019/11/25 3:15 p.m.•3 views

CVE-2019-13713

Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.9AI score

Exploits0References3

OSV•added 2015/12/02 1:59 a.m.•5 views

CVE-2015-8384

PCRE before 8.38 mishandles the /?J?'d'?'d'\gd/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...

9.9AI score

Exploits0References7

OSV•added 2014/11/26 7:42 p.m.•1 views

USN-2423-1 clamav vulnerabilities

Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2013-6497 Damien Millescamp discovered that ClamAV incorrectly handled...

5CVSS7AI score0.06887EPSS

Exploits1References3

OSV•added 2011/01/11 3:0 a.m.•5 views

CVE-2011-0003

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors...

6.3AI score

Exploits0References12

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by