bjrjk

7 exploits Active since Dec 2022
CVE-2022-4262 NOMISEC HIGH WRITEUP
Google Chrome < 108.0.5359.94 - Type Confusion in V8 via Crafted HTML Page
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
106 stars
CVSS 8.8
CVE-2024-29943 NOMISEC CRITICAL WORKING POC
Firefox < 124.0.1 - Memory Corruption
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
95 stars
CVSS 9.8
CVE-2025-6554 NOMISEC HIGH WORKING POC
Google Chrome < 138.0.7204.96 - Type Confusion in V8
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
30 stars
CVSS 8.1
CVE-2024-4947 NOMISEC CRITICAL WORKING POC
Google Chrome < 125.0.6422.60 - Remote Code Execution via V8 Type Confusion
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
29 stars
CVSS 9.6
CVE-2025-5419 NOMISEC HIGH WORKING POC
Google Chrome < 137.0.7151.68 - Out-of-bounds Read and Write in V8
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
28 stars
CVSS 8.8
CVE-2025-43529 NOMISEC HIGH WRITEUP
Apple watchOS <26.2 - Code Injection
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
16 stars
CVSS 8.8
CVE-2024-8381 NOMISEC CRITICAL WORKING POC
Firefox < 130 and Firefox ESR < 115.15 - Type Confusion via 'with' Environment Property Lookup
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
15 stars
CVSS 9.8