CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

107 matches found

Github Security Blog•added 2026/05/14 9:14 p.m.•8 views

vm2 Has a Sandbox Breakout Using Async Generator

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details It is possible to catch a host exception using the yield expression inside an async generator. When the...

9.8CVSS6.2AI score0.00082EPSS

Exploits1References5Affected Software1

Snyk•added 2026/05/11 4:9 p.m.•4 views

Prototype Pollution

Overview @rvf/set-get is an Internal utilities and types for working with deeply nested data. This is primarily used internally by RVF and it's various packages. It isn't recommended for use by most people. Affected versions of this package are vulnerable to Prototype Pollution via the setPath...

8.8CVSS6.3AI score0.00055EPSS

Exploits0References2

Snyk•added 2026/04/03 3:45 a.m.•6 views

Prototype Pollution

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Prototype Pollution in the USEPROFILES function. An attacker can execute arbitrary JavaScript code in the context of the user’s browser by polluting...

6.1CVSS6.5AI score

Exploits0References2

ATTACKERKB•added 2026/03/27 10:14 p.m.•2 views

CVE-2026-33993

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized...

6.9CVSS5.9AI score0.00055EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2026/01/09 9:0 a.m.•5 views

CVE-2023-29206

XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a...

9CVSS6.7AI score0.04422EPSS

Exploits1References1

OSV•added 2025/12/09 4:17 p.m.•0 views

CVE-2025-14324

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

9.8CVSS5.8AI score

Exploits0References6

Kaspersky•added 2025/10/14 12:0 a.m.•2 views

KLA89243 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Out of bounds read/write...

9.8CVSS8.4AI score0.00106EPSS

Exploits0References3