Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-24832
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an malicious user to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where H...
Facebook Hermes
9.8
CVSSv3
CVE-2023-30470
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an malicious user to achieve remote code execution. Note that this is only exploitab...
Facebook Hermes -
9.8
CVSSv3
CVE-2023-28081
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute...
Facebook Hermes -
9.8
CVSSv3
CVE-2023-28753
netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data.
Facebook Netconsd 0.1
7.5
CVSSv3
CVE-2023-23759
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impac...
Facebook Fizz
9.8
CVSSv3
CVE-2023-23557
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious malicious user to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to...
Facebook Hermes
9.8
CVSSv3
CVE-2023-23556
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious malicious user to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is us...
Facebook Hermes
9.8
CVSSv3
CVE-2022-36937
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1....
Facebook Hhvm 4.172.0
Facebook Hhvm 4.171.0
Facebook Hhvm
5.4
CVSSv3
CVE-2023-1905
The WP Popups WordPress plugin prior to 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cros...
Timersys Wp Popups
6.1
CVSSv3
CVE-2023-30792
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.
Facebook Lexical
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »