8 matches found
KLA20011 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, or obtain sensitive information. Below is a complete list of vulnerabilities: 1. A memory safety vulnerability can be exploited to execute...
Arbitrary Code Injection
gatsby-plugin-mdx is vulnerable to arbitrary code injection. The vulnerability exists because gatsby-plugin-mdx allows the JS engine for frontmatter by default, so untrusted input allows an attacker to inject arbitrary code...
GHSA-X949-7CM6-FM6P Code Injection in md-to-pdf
The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
Remote Code Execution (RCE)
md-to-pdf is vulnerable to remote code execution. The library does not properly disable the JS engine by default when it uses gray-matter to parse front matter content, allowing an attacker to execute remote code through the JS engine...
CVE-2021-23639
The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
Remote code execution
The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles Exploit
While fuzzing JSC, I encountered the following JS program which crashes JSC from current HEAD and release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: // Run with --useConcurrentJIT=false...
Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 MsMpEng's JS engine uses garbage collection to manage the lifetime of JavaScript objects. During mark and sweep the GC roots the vectors representing t...