https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 04 Jun 2026 03:35:23 +0000 https://vulnerability.circl.lu/sighting/0a42d558-31ff-4046-a18c-e746819bedda/export {"uuid": "0a42d558-31ff-4046-a18c-e746819bedda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/173", "content": "\u200aCVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users\n\nhttps://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/", "creation_timestamp": "2024-05-08T11:25:59.000000Z"} {"uuid": "0a42d558-31ff-4046-a18c-e746819bedda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/173", "content": "\u200aCVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users\n\nhttps://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/", "creation_timestamp": "2024-05-08T11:25:59.000000Z"} https://vulnerability.circl.lu/sighting/0a42d558-31ff-4046-a18c-e746819bedda/export Wed, 08 May 2024 11:25:59 +0000 https://vulnerability.circl.lu/sighting/88c8c8e3-9b7c-47f0-aaac-e5f84e1db949/export {"uuid": "88c8c8e3-9b7c-47f0-aaac-e5f84e1db949", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/390", "content": "\ud83d\udea8CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js \n \n \n \n\ud83d\udc49A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. \n \nIf pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. \n \n \n \n\ud83d\udce2POC: https://www.youtube.com/watch?v=c90_UKJvj_w \n \n\ud83d\udce2POC: https://github.com/LOURC0D3/CVE-2024-4367-PoC", "creation_timestamp": "2024-05-21T10:36:42.000000Z"} {"uuid": "88c8c8e3-9b7c-47f0-aaac-e5f84e1db949", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/390", "content": "\ud83d\udea8CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js \n \n \n \n\ud83d\udc49A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. \n \nIf pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. \n \n \n \n\ud83d\udce2POC: https://www.youtube.com/watch?v=c90_UKJvj_w \n \n\ud83d\udce2POC: https://github.com/LOURC0D3/CVE-2024-4367-PoC", "creation_timestamp": "2024-05-21T10:36:42.000000Z"} https://vulnerability.circl.lu/sighting/88c8c8e3-9b7c-47f0-aaac-e5f84e1db949/export Tue, 21 May 2024 10:36:42 +0000 https://vulnerability.circl.lu/sighting/c604e88c-1abf-49d9-a4e7-a299db53b1f0/export {"uuid": "c604e88c-1abf-49d9-a4e7-a299db53b1f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/368", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8PoC for CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js\n\n#DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #CVE20244367 #CVE202434342 #Vulnerability \n\nhttps://x.com/DarkWebInformer/status/1793295146588459283", "creation_timestamp": "2024-05-22T18:12:14.000000Z"} {"uuid": "c604e88c-1abf-49d9-a4e7-a299db53b1f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/368", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8PoC for CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js\n\n#DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #CVE20244367 #CVE202434342 #Vulnerability \n\nhttps://x.com/DarkWebInformer/status/1793295146588459283", "creation_timestamp": "2024-05-22T18:12:14.000000Z"} https://vulnerability.circl.lu/sighting/c604e88c-1abf-49d9-a4e7-a299db53b1f0/export Wed, 22 May 2024 18:12:14 +0000