4876 matches found

OSV
added 2021/02/02 7:15 a.m., 16 views

CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...

9.8 CVSS, 8 AI score, 0.02546 EPSS
Exploits 0, References 2

NVD
added 2021/02/02 7:15 a.m., 15 views

CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...

9.8 CVSS, 0.02546 EPSS
Exploits 0, References 2

Prion
added 2021/02/02 7:15 a.m., 27 views

Stack overflow

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...

6.8 CVSS, 9.7 AI score, 0.02546 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/02/02 6:50 a.m., 16 views

CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...

9.8 AI score, 0.02546 EPSS
Exploits 0, References 2

CNNVD
added 2021/02/02 12:00 a.m., 4 views

Facebook Hermes Buffer Error Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine targets React Native apps and is intended to improve the performance of mobile client applications, not server-side infrastructures such as browsers & Node.js. Facebook Hermes suffers from a buffe...

9.8 CVSS, 7.8 AI score, 0.02546 EPSS
Exploits 0, References 3

Huntr
added 2021/01/10 12:00 a.m., 20 views

Prototype Pollution in react-atomic/react-atomic-organism

Description set-object-value is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var setObjectValue = require"set-object-value" var obj = console.log"Before : " + .polluted; setObjectValueobj, 'proto','polluted', 'Yes! Its Polluted'; console.log"Afte...

7.5 CVSS, 2.2 AI score, 0.04322 EPSS
Exploits 1

CNNVD
added 2020/12/29 12:00 a.m., 2 views

React Atomic Organism Security Vulnerability

React Atomic Organism is a codebase from the React Atomic team used to provide atomicity support for React applications. A security vulnerability in React Atomic Organism set-object-value versions 0.0.0 through 0.0.5 allows attackers to exploit the vulnerability for denial of service and...

9.8 CVSS, 6.1 AI score, 0.04322 EPSS
Exploits 1, References 3

Veracode
added 2020/12/10 6:23 a.m., 18 views

Authentication Bypass

react-adal is vulnerable to authentication bypass. An attacker is able to bypass authentication using a malicious JWT token which would be treated as authentic due to an insecure validation on the nonce...

8.2 CVSS, 3.4 AI score, 0.00267 EPSS
Exploits 1, References 1, Affected Software 1

NVD
added 2020/12/09 5:15 p.m., 7 views

CVE-2020-7787

This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...

8.2 CVSS, 8 AI score, 0.00267 EPSS
Exploits 1, References 2

OSV
added 2020/12/09 5:15 p.m., 1 view

CVE-2020-7787

This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...

8.2 CVSS, 7.2 AI score, 0.00267 EPSS
Exploits 1, References 2

CVE
added 2020/12/09 4:45 p.m., 51 views

CVE-2020-7787

CVE-2020-7787 affects all versions of react-adal. The root cause is in how nonce/session/refresh values are stored in browser storage: values are appended with ||, which means an empty string can be accepted in the validation, allowing an attacker-generated JWT to be treated as authentic. Affecte...

8.2 CVSS, 8 AI score, 0.00267 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2020/12/09 4:45 p.m., 12 views

CVE-2020-7787 Improper Authentication

This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...

8.2 CVSS, 8 AI score, 0.00267 EPSS
Exploits 1, References 2

CNNVD
added 2020/12/09 12:00 a.m., 3 views

Salvoravida React-adal Authorization Issues Vulnerability

Salvoravida React-adal is a JavaScript-based codebase for interacting with Azure Active Directory, from the individual developer Salvoravida. react-adal suffers from an authorization issue vulnerability that stems from the fact that for specially designed JWT tokens and request URLs, it is possible to...

8.2 CVSS, 7.2 AI score, 0.00267 EPSS
Exploits 1, References 3

CNVD
added 2020/10/27 12:00 a.m., 2 views

Facebook Hermes Out-of-Bounds Read Vulnerability

Facebook Hermes is a small, lightweight JavaScript engine optimized for running React Native on Android. The JavaScript interpreter in Facebook Hermes versions prior to 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 has an out-of-bounds read vulnerability. An attacker could exploit this...

7.5 CVSS, 6.8 AI score, 0.01092 EPSS
Exploits 0, References 1

OSV
added 2020/10/26 9:15 p.m., 13 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5 CVSS, 6.8 AI score, 0.01092 EPSS
Exploits 0, References 2

NVD
added 2020/10/26 9:15 p.m., 13 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5 CVSS, 0.01092 EPSS
Exploits 0, References 2

Prion
added 2020/10/26 9:15 p.m., 19 views

Memory corruption

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

4.3 CVSS, 7.5 AI score, 0.01092 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/10/26 8:20 p.m., 16 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5 AI score, 0.01092 EPSS
Exploits 0, References 2

AlpineLinux
added 2020/10/26 8:20 p.m., 28 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5 CVSS, 7.6 AI score, 0.01092 EPSS
Exploits 0

CVE
added 2020/10/26 8:20 p.m., 98 views

CVE-2020-1915

CVE-2020-1915 targets Facebook Hermes’ JavaScript Interpreter. A crafted JavaScript input can trigger an out-of-bounds read prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0, enabling denial-of-service or possible memory corruption. Exploitation is only relevant if the app using Hermes eva...

7.5 CVSS, 7.5 AI score, 0.01092 EPSS
Exploits 0, References 2, Affected Software 1