Top 20 matches Showing top matches — use filters or a more specific query to narrow
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may le
Boa is an embeddable and experimental JavaScript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's `AsyncGenerator` opera
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affec
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new functi
vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multi
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence
CVE-2026-23947
CRITICAL CVSS 9.3
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11), `qjs` interpreter using the `-m` option and a low memory
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generate
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-si
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow
XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, XGrammar includes a cache for compiled grammars to increase performance with repeated u
CVE-2026-45411
CRITICAL CVSS 9.8
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed using the re
CVE-2026-2587
CRITICAL CVSS 9.6
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evalu
Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the default, which brought with it a new implementation of `[Typed]Func::call_async` wh
CVE-2026-2796
CRITICAL CVSS 9.8
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5ae
A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary JavaScript in