Lucene search
+L

105 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.6 views

CVE-2023-30792

Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources...

6.1CVSS6.2AI score0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/18 4:4 p.m.10 views

CVE-2025-32792 ses's global contour bindings leak into Compartment lexical scope

SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that hav...

8.7CVSS6.6AI score0.005EPSS
Exploits0References1
OSV
OSV
added 2025/04/18 3:10 p.m.6 views

GHSA-H9W6-F932-GQ62 ses's global contour bindings leak into Compartment lexical scope

Impact Web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used const, let, and class bindings in the top-level scope of a tag will have inadvertently revealed these bindings in the lexical scope...

8.7CVSS7.1AI score0.005EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/25 2:39 a.m.2 views

Malicious code in eslint-plugin-lexical (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 760c1ce48f24649d849a333e359e0a3f348f36df412163d82b89e8fc552625f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/03/25 2:39 a.m.3 views

MAL-2025-2670 Malicious code in eslint-plugin-lexical (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 760c1ce48f24649d849a333e359e0a3f348f36df412163d82b89e8fc552625f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/24 9:49 a.m.4 views

Malicious code in lexical-esm-nextjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 808bb38341306bbd08d655abd9928c5cf279412658db15774579d78f195f5a39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/11/12 8:48 p.m.1 views

GHSA-X8JH-XJ3X-GX3C `fast-float` has multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

6.9CVSS5.8AI score
Exploits0References5
RustSec
RustSec
added 2024/10/31 12:0 p.m.6 views

Multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

7.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2024/09/16 5:19 p.m.8 views

BrandoCulqi (=1.0.1), IMAPServer (=0.1.0) +2299 more potentially affected by unknown CVE via lexical-core (>=0.1.3 <=0.8.5)

lexical-core CARGO version =0.1.3, =1.0.0, =1.0.1, =0.10.0-dev0, =0.2.0, =0.1.0, =0.2.0, =0.1.1, =0.5.1, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2326-PFPJ-VX3H...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/09/16 5:19 p.m.15 views

lexical-core has multiple soundness issues

RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...

7.3AI score
Exploits0References9Affected Software1
OSV
OSV
added 2024/09/16 5:19 p.m.7 views

GHSA-2326-PFPJ-VX3H lexical-core has multiple soundness issues

RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...

7.3AI score
Exploits0References9
Snyk
Snyk
added 2024/04/23 7:40 a.m.5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference due to an erroneous lexical scope of this with eval. An attacker can cause a denial of service or potentially execute arbitrary code by triggering a NULL pointer dereference. PoC c function foo function Bar clas...

7.5CVSS7.7AI score0.00641EPSS
Exploits1References2
NVD
NVD
added 2024/04/23 7:15 a.m.12 views

CVE-2023-48183

QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...

7.5CVSS6.5AI score0.00641EPSS
Exploits1References2
OSV
OSV
added 2024/04/23 7:15 a.m.17 views

CVE-2023-48183

QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...

7.5CVSS7.1AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/04/23 7:15 a.m.10 views

CVE-2023-48183

QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...

7.5CVSS5.9AI score0.00641EPSS
Exploits1References4
OSV
OSV
added 2024/04/23 7:15 a.m.8 views

UBUNTU-CVE-2023-48183

QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...

7.5CVSS5.8AI score0.00641EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/04/23 12:0 a.m.5 views

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine. A security vulnerability exists in versions of QuickJS prior to c4cdd61, which stems from a lexical scoping error in this with eval, resulting in a null pointer dereference vulnerability...

7.5CVSS6.7AI score0.00641EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/04/23 12:0 a.m.19 views

CVE-2023-48183

QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...

6.8AI score0.00641EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/23 12:0 a.m.11 views

CVE-2023-48183

QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...

6.9AI score0.00641EPSS
Exploits1References2
CVE
CVE
added 2024/04/23 12:0 a.m.67 views

CVE-2023-48183

CVE-2023-48183 affects QuickJS prior to commit c4cdd61. The vulnerability stems from an erroneous lexical scope of the value of this with eval, causing a NULL pointer dereference in build_for_in_iterator. Documented impact includes possible crashes/denial of service and potential arbitrary code e...

7.5CVSS6.8AI score0.00641EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder