https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-04T03:35:23.737134+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/0a42d558-31ff-4046-a18c-e746819bedda/export0a42d558-31ff-4046-a18c-e746819bedda2026-06-04T03:35:24.101720+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "0a42d558-31ff-4046-a18c-e746819bedda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/173", "content": "\u200aCVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users\n\nhttps://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/", "creation_timestamp": "2024-05-08T11:25:59.000000Z"}2024-05-08T11:25:59+00:00https://vulnerability.circl.lu/sighting/88c8c8e3-9b7c-47f0-aaac-e5f84e1db949/export88c8c8e3-9b7c-47f0-aaac-e5f84e1db9492026-06-04T03:35:24.101559+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "88c8c8e3-9b7c-47f0-aaac-e5f84e1db949", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/390", "content": "\ud83d\udea8CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js \n \n \n \n\ud83d\udc49A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. \n \nIf pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. \n \n \n \n\ud83d\udce2POC: https://www.youtube.com/watch?v=c90_UKJvj_w \n \n\ud83d\udce2POC: https://github.com/LOURC0D3/CVE-2024-4367-PoC", "creation_timestamp": "2024-05-21T10:36:42.000000Z"}2024-05-21T10:36:42+00:00https://vulnerability.circl.lu/sighting/c604e88c-1abf-49d9-a4e7-a299db53b1f0/exportc604e88c-1abf-49d9-a4e7-a299db53b1f02026-06-04T03:35:24.099153+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "c604e88c-1abf-49d9-a4e7-a299db53b1f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/368", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8PoC for CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js\n\n#DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #CVE20244367 #CVE202434342 #Vulnerability \n\nhttps://x.com/DarkWebInformer/status/1793295146588459283", "creation_timestamp": "2024-05-22T18:12:14.000000Z"}2024-05-22T18:12:14+00:00