59092 matches found

Cvelist
added 2025/12/19 7:16 a.m., 23 views

CVE-2025-66500 Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

CVSS 6.3, EPSS 0.00173
Exploits 0, References 1
OSV
added 2025/12/19 7:16 a.m., 3 views

CVE-2025-66495

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and macOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

CVSS 7.8, AI score 6.1, EPSS 0.00255
Exploits 0, References 1
NVD
added 2025/12/19 7:16 a.m., 4 views

CVE-2025-66495

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and macOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

CVSS 7.8, EPSS 0.00255
Exploits 0, References 1
NVD
added 2025/12/19 7:16 a.m., 4 views

CVE-2025-66493

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1, 14.0.1 and 13.2.1 on Windows. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced,...

CVSS 7.8, EPSS 0.00255
Exploits 0, References 1
OSV
added 2025/12/19 7:16 a.m., 5 views

CVE-2025-66493

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1, 14.0.1 and 13.2.1 on Windows. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced,...

CVSS 7.8, AI score 6, EPSS 0.00255
Exploits 0, References 1
Cvelist
added 2025/12/19 7:9 a.m., 25 views

CVE-2025-66495 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and macOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

CVSS 7.8, EPSS 0.00255
Exploits 0, References 1
EUVD
added 2025/12/19 7:9 a.m., 3 views

EUVD-2025-204465

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and macOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

CVSS 7.8, AI score 7.1, EPSS 0.00255
Exploits 0, References 2
Vulnrichment
added 2025/12/19 7:9 a.m., 3 views

CVE-2025-66495 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and macOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

CVSS 7.8, AI score 7.2, EPSS 0.00255
Exploits 0, References 1
CVE
added 2025/12/19 7:9 a.m., 11 views

CVE-2025-66495

CVE-2025-66495 is a confirmed use-after-free vulnerability in Foxit PDF Reader/Editor related to annotation handling. Affected products include Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and macOS. The issue arises when opening a PDF containing specially crafted JavaScript, w...

CVSS 7.8, AI score 7.2, EPSS 0.00255
Exploits 0, References 1, Affected Software 2
CVE
added 2025/12/19 7:7 a.m., 15 views

CVE-2025-66493

Foxit PDF Reader/Editor on Windows contains a use-after-free in AcroForm processing when opening PDFs with crafted JavaScript, affecting versions before 2025.2.1, 14.0.1 and 13.2.1. The vulnerability can allow remote code execution by dereferencing a freed memory pointer. Foxit has released fixes...

CVSS 7.8, AI score 7.2, EPSS 0.00255
Exploits 0, References 1, Affected Software 2
EUVD
added 2025/12/19 7:7 a.m., 3 views

EUVD-2025-204467

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1, 14.0.1 and 13.2.1 on Windows. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced,...

CVSS 7.8, AI score 7.1, EPSS 0.00255
Exploits 0, References 2
Cvelist
added 2025/12/19 7:7 a.m., 23 views

CVE-2025-66493 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1, 14.0.1 and 13.2.1 on Windows. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced,...

CVSS 7.8, EPSS 0.00255
Exploits 0, References 1
NVD
added 2025/12/19 2:16 a.m., 9 views

CVE-2025-67843

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file...

CVSS 9.8, EPSS 0.01055
Exploits 1, References 4
CNNVD
added 2025/12/19 12:0 a.m., 3 views

Orejime Cross-Site Scripting Vulnerability

Orejime is an open source user consent management tool from Boscop. A cross-site scripting vulnerability exists in Orejime versions prior to 2.3.2, which stems from embedded JavaScript code in the data attribute and could lead to the execution of malicious code...

CVSS 6.1, AI score 6.1, EPSS 0.00183
Exploits 0, References 4
CNNVD
added 2025/12/19 12:0 a.m., 4 views

Dive Security Vulnerability

Dive is an OpenAgentPlatform open source MCP hosted desktop application. A security vulnerability exists in Dive versions prior to 0.11.1, which stems from a Mermaid chart rendering component that allows arbitrary JavaScript to be executed, potentially leading to remote code execution...

CVSS 9.6, AI score 7.7, EPSS 0.00478
Exploits 1, References 2
Positive Technologies
added 2025/12/19 12:0 a.m., 6 views

PT-2025-52494

Name of the Vulnerable Software and Affected Versions: Dive versions prior to 0.11.1. Description: Dive is an open-source MCP Host Desktop Application that integrates with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) issue exists in the Mermaid diagram rendering component. The...

CVSS 9.6, AI score 6.4, EPSS 0.00478
Exploits 1, References 10
Positive Technologies
added 2025/12/19 12:0 a.m., 6 views

PT-2025-52428

A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

CVSS 6.3, AI score 5.9, EPSS 0.00173
Exploits 0, References 2
Positive Technologies
added 2025/12/19 12:0 a.m., 7 views

PT-2025-52495

Name of the Vulnerable Software and Affected Versions: Orejime versions prior to 2.3.2. Description: Orejime, a consent manager focusing on accessibility, had a flaw where malicious code could be executed on HTML elements it handled. This occurred because the software, prior to version 2.3.2, would...

CVSS 6.3, AI score 7.1, EPSS 0.00183
Exploits 0, References 9
Talos
added 2025/12/19 12:0 a.m., 8 views

Foxit Reader Barcode Calculate CPDF_FormField Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2025-2277: Foxit Reader Barcode Calculate CPDF_FormField Use-After-Free Vulnerability. December 19, 2025. CVE Number: CVE-2025-58085. Summary: A use-after-free vulnerability exists in the way Foxit Reader handles a Barcode field object. A specially crafted JavaScript cod...

AI score 7.4
Exploits 0
Talos
added 2025/12/19 12:0 a.m., 8 views

Foxit Reader Text Widget Format Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2025-2278: Foxit Reader Text Widget Format Use-After-Free Vulnerability. December 19, 2025. CVE Number: CVE-2025-59488. Summary: A use-after-free vulnerability exists in the way Foxit Reader handles a Text Widget field object. A specially crafted JavaScript code inside ...

AI score 7.4
Exploits 0