Saúl Ibarra Corretgé

5 exploits Active since Aug 2020
CVE-2020-25019 WRITEUP HIGH WRITEUP
Jitsi Meet Electron < 2.3.0 - Data Authenticity Bypass
jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
CVSS 7.5
CVE-2026-0821 WRITEUP HIGH WRITEUP
Quickjs < 0.11.0 - Memory Corruption
A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.
CVSS 7.3
CVE-2026-0822 WRITEUP MEDIUM WRITEUP
Quickjs < 0.11.0 - Out-of-Bounds Write
A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch.
CVSS 6.3
CVE-2026-1144 WRITEUP MEDIUM WRITEUP
Quickjs < 0.11.0 - Use After Free
A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue.
CVSS 6.3
CVE-2026-1145 WRITEUP MEDIUM WRITEUP
Quickjs < 0.11.0 - Memory Corruption
A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.
CVSS 6.3