WordPress plugin BFG Tools – Extension Zipper 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2021-41038

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...

EUVD-2025-24572

Malicious code in bioql PyPI...

Malicious code in avalon-plugin-extension (npm)

The package avalon-plugin-extension was found to contain malicious code...

MAL-2025-15179 Malicious code in avalon-plugin-extension (npm)

The package avalon-plugin-extension was found to contain malicious code...

CVE-2025-32451

A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...

PT-2024-10303 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.3.0.26795 Description: A use-after-free vulnerability exists in the way Foxit Reader handles a 3D page object. This can be triggered by a specially crafted Javascript code inside a malicious PDF document, leading to...

CVE-2024-25938

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

CVE-2024-25938

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

CVE-2024-25648

Foxit Reader 2024.1.0.23997 is affected by a use-after-free in the ComboBox handling that can be triggered when processing JavaScript in a malicious PDF or when visiting a crafted site with the browser plugin enabled. Talos provides concrete details on the vulnerable path: a ComboBox object is fr...

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...

CVE-2024-25575

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...

CVE-2024-25575

Foxit Reader CVE-2024-25575 is a type-confusion vulnerability in the Lock object’s fields handling. Talos documents a type-confusion in Foxit Reader 2024.1.0.23997 that can cause memory corruption and arbitrary code execution via JavaScript in malicious PDFs or a crafted site when the browser plu...

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...

CVE-2023-41257

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

CVE-2023-38573

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

CVE-2023-39542

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerabilit...

CVE-2023-32616

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

Design/Logic Flaw

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. ...

Type confusion

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...