VYPR
Vendor

Facebook

Products
33
CVEs
136
Across products
191
Status
Private

Products

33
View all 33 products →

Recent CVEs

136
View all 136 CVEs →
  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2015-7264CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.01

    The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.

  • CVE-2016-6875CriFeb 17, 2017
    risk 0.64cvss 9.8epss 0.02

    Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2016-6874CriFeb 17, 2017
    risk 0.64cvss 9.8epss 0.02

    The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.

  • CVE-2016-6873CriFeb 17, 2017
    risk 0.64cvss 9.8epss 0.02

    Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2016-6872CriFeb 17, 2017
    risk 0.64cvss 9.8epss 0.02

    Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2016-6871CriFeb 17, 2017
    risk 0.64cvss 9.8epss 0.02

    Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.

  • CVE-2016-6870CriFeb 17, 2017
    risk 0.64cvss 9.8epss 0.02

    Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2024-45773HigSep 27, 2024
    risk 0.49cvss 7.5epss 0.00

    A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00.

  • CVE-2015-7265HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.

  • CVE-2015-7263HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.

  • CVE-2025-30403HigJul 11, 2025
    risk 0.46cvss 8.1epss 0.00

    A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00.

  • CVE-2026-23870HigMay 6, 2026
    risk 0.42cvss 7.5epss 0.02

    A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack,…

  • CVE-2024-45863MedSep 27, 2024
    risk 0.34cvss 5.3epss 0.00

    A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00.

  • CVE-2019-18426KEVJan 21, 2020
    risk 0.20cvss epss 0.68

    A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted…

  • CVE-2013-7035medSep 4, 2020
    risk 0.19cvss epss 0.02

    Affected versions of `react` are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize input used to create keys. This may allow attackers to execute arbitrary JavaScript if a key is generated from user input. ## Recommendation If you are using…

  • CVE-2019-3568KEVMay 14, 2019
    risk 0.16cvss epss 0.39

    A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp…

  • CVE-2025-55177KEVAug 29, 2025
    risk 0.12cvss epss 0.04

    Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a…

  • CVE-2008-5711Dec 24, 2008
    risk 0.06cvss epss 0.33

    Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.

  • CVE-2008-0660Feb 8, 2008
    risk 0.06cvss epss 0.38

    Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1)…