CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

9 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-0176

Malware in sbrugna...

8.8CVSS8.8AI score0.00296EPSS

Exploits0References7

Veracode•added 2018/03/15 4:16 a.m.•11 views

Cross-site Scripting (XSS)

pym.js is vulnerable to cross-site request forgery CSRF attacks. Attackers can embed malicious JavaScript code into document.location.href objects...

8.8CVSS8.5AI score0.00296EPSS

Exploits0References3Affected Software1

vulnersOsv•added 2018/03/13 8:38 p.m.•0 views

alchemy-embed-medias (>=0.4.0 <=0.5.0), globe-iframe-resizer (>=0.0.0 <=0.0.2) +4 more potentially affected by CVE-2018-1000086 via pym.js (=0.4.5)

pym.js NPM version =0.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on pym.js and may be impacted: - alchemy-embed-medias =0.4.0, =0.0.0, =0.2.1, =0.1.0, =0.3.0, =1.0.0, =4.0.0 Source cves: CVE-2018-1000086 Source advisory: OSV:GHSA-82GW-PQF7-Q3J2...

8.8CVSS7.2AI score0.00296EPSS

OSV•added 2018/03/13 8:38 p.m.•14 views

GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...

8.8CVSS9AI score0.00296EPSS

Exploits0References6

OSV•added 2018/03/13 3:29 p.m.•14 views

CVE-2018-1000086

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...

8.8CVSS9.2AI score

Exploits0References3

NVD•added 2018/03/13 3:29 p.m.•10 views

CVE-2018-1000086

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...

8.8CVSS9AI score0.00296EPSS

Exploits0References3

Prion•added 2018/03/13 3:29 p.m.•7 views

Cross site request forgery (csrf)

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...

6.8CVSS9AI score0.00296EPSS

Exploits0References3Affected Software1

Cvelist•added 2018/03/13 3:0 p.m.•10 views

CVE-2018-1000086

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...

9AI score0.00296EPSS

Exploits0References3

CVE•added 2018/03/13 3:0 p.m.•44 views

CVE-2018-1000086

NPR Visuals Team Pym.js versions 0.4.2 through 1.3.1 expose a CSRF vulnerability in the _onNavigateToMessage function that can result in arbitrary JavaScript execution. An attacker could leverage this to gain full JavaScript access on pages embedding Pym.js when a user visits a crafted page. The ...

8.8CVSS8.9AI score0.00296EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by