Javascript Exploits

229 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-4386 EXPLOITDB HIGH javascript VERIFIED
Safari < 12.0.1 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
by Google Security Research
CVSS 8.8
CVE-2018-4382 EXPLOITDB HIGH javascript VERIFIED
Safari < 12.0.1 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
by Google Security Research
CVSS 8.8
EIP-2026-115648 EXPLOITDB javascript VERIFIED
Microsoft Edge Chakra - OP_Memset Type Confusion
by Google Security Research
EIP-2026-115647 EXPLOITDB javascript VERIFIED
Microsoft Edge Chakra - OP_Memset Type Confusion
by Google Security Research
CVE-2018-8467 EXPLOITDB HIGH javascript VERIFIED
ChakraCore - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.
by Google Security Research
CVSS 7.5
CVE-2018-8466 EXPLOITDB HIGH javascript VERIFIED
ChakraCore < 1.10.1 and 1.11.1 - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467.
by Google Security Research
CVSS 7.5
CVE-2018-8355 EXPLOITDB HIGH javascript VERIFIED
Microsoft Browsers - Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
by Google Security Research
CVSS 7.5
CVE-2018-8384 EXPLOITDB HIGH javascript VERIFIED
ChakraCore < 1.10.2 - Remote Code Execution via Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.
by Google Security Research
CVSS 7.5
CVE-2018-8279 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge and ChakraCore - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.
by Google Security Research
CVSS 7.5
CVE-2018-8298 EXPLOITDB HIGH javascript VERIFIED
ChakraCore < 1.10.1 - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
by Google Security Research
CVSS 7.5
CVE-2018-8288 EXPLOITDB HIGH javascript VERIFIED
Microsoft Browsers - Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
by Google Security Research
CVSS 7.5
EIP-2026-115649 EXPLOITDB javascript VERIFIED
Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
by Google Security Research
CVE-2018-8291 EXPLOITDB HIGH javascript VERIFIED
Microsoft Browsers - Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.
by Google Security Research
CVSS 7.5
CVE-2018-8229 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge and ChakraCore - Remote Code Execution via Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.
by Google Security Research
CVSS 7.5
CVE-2018-8145 EXPLOITDB HIGH javascript VERIFIED
ChakraCore < 1.8.3 - Memory Contents Exposure via Scripting Engine
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.
by Google Security Research
CVSS 7.5
CVE-2018-8139 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge and ChakraCore - Remote Code Execution via Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.
by Google Security Research
CVSS 7.5
CVE-2018-4192 EXPLOITDB HIGH javascript
Safari < 11.1.1 - Remote Code Execution via WebKit Race Condition
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.
by ret2
CVSS 7.5
CVE-2018-6092 EXPLOITDB HIGH javascript VERIFIED
Google Chrome < 66.0.3359.117 - Remote Code Execution via WebAssembly Integer Overflow
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
by Google Security Research
CVSS 8.8
CVE-2018-8133 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge and ChakraCore - Remote Code Execution via Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.
by Google Security Research
CVSS 7.5
EIP-2026-101139 EXPLOITDB javascript
Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)
by qwertyoruiop
CVE-2018-0953 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge and ChakraCore - Remote Code Execution via Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
by Google Security Research
CVSS 7.5
CVE-2018-0980 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge and ChakraCore < 1.8.3 - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
by Google Security Research
CVSS 7.5
EIP-2026-103437 EXPLOITDB javascript VERIFIED
Chrome V8 JIT - Arrow Function Scope Fixing Bug
by Google Security Research
EIP-2026-103434 EXPLOITDB javascript VERIFIED
Chrome V8 JIT - 'AwaitedPromise' Update Bug
by Google Security Research
EIP-2026-103436 EXPLOITDB javascript VERIFIED
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
by Google Security Research
By Source
All 229 Writeup 62,183 Exploitdb 50,126 Nomisec 22,380 Github 3,588 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,433 python 6,554 ruby 6,001 c 3,625 perl 2,849 html 2,074 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25