19 matches found
ROOT-APP-NPM-CVE-2026-26332 CVE-2026-26332 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-26332 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
Arbitrary Code Injection
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection via the SuppressedError. An attacker can execute arbitrary code outside the intended sandbox environment by...
CVE-2026-26332
creationtimestamp| type| source ---|---|--- 2026-05-04 18:10:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2bgr7zhc2w 2026-05-04 18:11:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2bhswa6s2e 2026-05-25 09:07:07+00:00| seen|...
CVE-2022-26332
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
CVE-2025-26332
creationtimestamp| type| source ---|---|--- 2025-07-30 20:56:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lv7j3oyljs2c...
CVE-2025-26332
CVE-2025-26332 affects TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2. The vulnerability involves insertion of sensitive information into a log file, with a low-privileged, local attacker potentially exploiting it to cause information exposure. The attacker may use exposed credentia...
CVE-2023-26332
creationtimestamp| type| source ---|---|--- 2023-03-29 00:45:56+00:00| seen| https://t.me/cibsecurity/60954...
CVE-2023-26332
Adobe Dimension versions 3.4.7 and earlier is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...
CVE-2023-26332 ZDI-CAN-20144: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Adobe Dimension versions 3.4.7 and earlier is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...
CVE-2023-26332
CVE-2023-26332 affects Adobe Dimension up to version 3.4.7, with an out-of-bounds read that can disclose memory and bypass ASLR. Exploitation requires a user to open a crafted file. A fix is available in Dimension 3.4.8 (per APSB23-20); update is recommended. Multiple references (NVD, CVE records...
Adobe Dimension < 3.4.8 Multiple Vulnerabilities (APSB23-20) (macOS)
The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-20 advisory. - Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could...
CVE-2021-26332
Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability...
CVE-2021-26332
CVE-2021-26332 describes a vulnerability in AMD Secure Encrypted Virtualization (SEV) related to failing to verify that SEV-ES TMR is not in MMIO space, potentially allowing integrity or availability loss. The affected component is SEV-ES TMR handling; root cause is improper verification in memor...
CVE-2021-26332
Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability...
CVE-2022-26332
creationtimestamp| type| source ---|---|--- 2022-03-01 07:23:47+00:00| seen| https://t.me/cibsecurity/38245...
CVE-2022-26332
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
CVE-2022-26332
CVE-2022-26332 affects Cipi 3.1.15 and enables stored XSS in the /api/servers name field. Multiple sources (NVD entry, Red Hat advisory, Veracode/GHSA, OSV, GITLAB file) confirm a stored XSS condition arising from unsafely accepted input for adding a server, enabling injection of arbitrary JavaSc...
cPanel Code Execution Vulnerability (CNVD-2019-26332)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A code execution vulnerability exists in versions of cPanel prior to 64.0.21. An attacker can exploit the vulnerability to execut...
CVE-2020-26332
CVE-2020-26332 entry is rejected/not used per description; the candidate was not assigned to any issues in 2020.