Lucene search
+L

257 matches found

Patchstack
Patchstack
added 2026/05/05 4:33 p.m.13 views

NPM: VM2 Has Sandbox Breakout Through Inspect Function

NPM: VM2 Has Sandbox Breakout Through Inspect Function vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.3...

9.8CVSS6AI score0.01186EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2026/05/05 4:33 p.m.10 views

EUVD-2026-26987

VM2 Has Sandbox Breakout Through Inspect Function...

9.8CVSS5.8AI score0.01186EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/05 4:33 p.m.11 views

VM2 Has Sandbox Breakout Through Inspect Function

Summary VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The node inspect method allows to log details of objects. To get to the...

9.8CVSS6.2AI score0.01186EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/05/05 4:33 p.m.7 views

GHSA-V37H-5MFM-C47C VM2 Has Sandbox Breakout Through Inspect Function

Summary VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The node inspect method allows to log details of objects. To get to the...

9.8CVSS6.2AI score0.01186EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/05/05 11:57 a.m.8 views

CVE-2026-24781

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by exploiting the inspect function. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity a...

9.8CVSS6.3AI score0.01186EPSS
Exploits1References8
Snyk
Snyk
added 2026/05/04 6:27 p.m.12 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the inspect function. An attacker can execute arbitrary commands on the host system by escaping the sandbox...

9.8CVSS6.3AI score0.01186EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 6:27 p.m.7 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the inspect function. An attacker can execute arbitrary commands on the host system by escaping the...

9.8CVSS6.3AI score0.01186EPSS
Exploits1References2
NVD
NVD
added 2026/05/04 5:16 p.m.14 views

CVE-2026-24781

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

9.8CVSS0.01186EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:33 p.m.3 views

CVE-2026-24781

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

9.8CVSS6.1AI score0.01186EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 4:33 p.m.4 views

CVE-2026-24781 vm2: Sandbox Breakout Through Inspect

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

9.8CVSS6.1AI score0.01186EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/04 4:33 p.m.54 views

CVE-2026-24781 vm2: Sandbox Breakout Through Inspect

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

9.8CVSS0.01186EPSS
Exploits1References5
CVE
CVE
added 2026/05/04 4:33 p.m.39 views

CVE-2026-24781

vm2 is an open source Node.js sandbox; prior to version 3.11.0 it suffers a sandbox breakout through the inspect function that allows code to escape the VM2 sandbox and run arbitrary host commands. The issue has been fixed in version 3.11.0. Affected: vm2 (Node.js VM2 sandbox); root cause: sandbo...

9.8CVSS6.1AI score0.01186EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2026/05/04 4:33 p.m.3 views

CVE-2026-24781 vm2: Sandbox Breakout Through Inspect

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

9.8CVSS6.4AI score0.01186EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.12 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability; this vulnerability stemmed from an sandbox escape exploit throug...

9.8CVSS6.3AI score0.01186EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36848

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description vm2 is an open source sandbox for Node.js. A sandbox breakout occurs through the inspect function, allowing attackers to write code that escapes the sandbox environment and executes arbitrary commands o...

9.8CVSS6AI score0.01186EPSS
Exploits1References26
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.17 views

PT-2026-38388

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description An issue exists where it is possible to obtain the host Object, allowing an attacker to escape the sandbox. This can be achieved through various methods, such as using the getOwnPropertySymbols function...

10CVSS6.3AI score0.00976EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.21 views

PT-2026-38397

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A sandbox escape allows unauthenticated attackers to execute arbitrary system commands RCE on the host. The issue occurs because BaseHandler.getPrototypeOf can be reached via util.inspect, enabling the...

10CVSS6.3AI score0.00815EPSS
Exploits1References17
Fedora
Fedora
added 2026/04/30 1:30 a.m.7 views

[SECURITY] Fedora 42 Update: skopeo-1.22.2-1.fc42

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

7.5CVSS6.1AI score0.00651EPSS
Exploits0
Fedora
Fedora
added 2026/04/17 12:54 a.m.8 views

[SECURITY] Fedora 43 Update: skopeo-1.22.2-1.fc43

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

7.5CVSS6.4AI score0.00651EPSS
Exploits0
Snyk
Snyk
added 2026/04/15 1:9 a.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

7.1CVSS6.4AI score0.0032EPSS
Exploits0References2
Rows per page
Query Builder