EUVD-2026-26995

VM2 Has a WASM Sandbox Escape Node 25 only...

NPM: VM2 Has a Sandbox Escape Issue via SuppressedError

NPM: VM2 Has a Sandbox Escape Issue via SuppressedError vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.4...

GHSA-55HX-C926-FR95 VM2 Has a Sandbox Escape Issue via SuppressedError

In vm2 v3.10.4 on Node.js v24.13.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. PoC js const VM = require"vm2"; const vm = new VM; vm.run const ds = new DisposableStack; ds.defer = throw null; ; ds.defer = const e = Error; e.name = Symbol; e.stack; ; try...

CVE-2026-26956

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only)

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

CVE-2026-26956

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

CVE-2026-24120

Technical details about CVE-2026-24120 are not publicly available in the provided documents. The affected components, root cause, impact, and fixes are not specified here. Monitor for updates.

PT-2026-36852

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.5 Description A critical sandbox escape exists in the vm2 library, which is used to run untrusted JavaScript code in Node.js applications. This issue allows an attacker to break out of the restricted environment and...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via titletag vulnerability discovered by wesley wcraft in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Title HTML Tag vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Calendy vulnerability discovered by ST in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

CVE-2024-2786

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the titletag attribute. This makes it possible for authenticated attacker...

CVE-2024-45334

Trend Micro Antivirus One versions 3.10.4 and below Consumer is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions...

CVE-2024-45335

Trend Micro Antivirus One (v3.10.4 and earlier) is affected due to insufficient input validation that could allow a specially crafted virus to bypass or evade virus scanning detection. The issue could potentially be exploited by a remote attacker to defeat detection. Remediation: upgrade to a ver...

Trend Micro Antivirus One 安全漏洞

Trend Micro Antivirus One is an antivirus software from Trend Micro. A security vulnerability exists in Trend Micro Antivirus One version 3.10.4 and prior versions, which originated from a vulnerability that allows an attacker to bypass and evade virus scanning detection using a specially crafted...

PT-2024-8676 · Trend Micro · Trend Micro Antivirus

Name of the Vulnerable Software and Affected Versions: Trend Micro Antivirus One versions 3.10.4 and below Description: The issue is related to insufficient input validation, which could allow an attacker to bypass virus scan detection using a specifically crafted virus. This could potentially be...

PT-2024-7422 · Trend Micro · Trend Micro Antivirus

Name of the Vulnerable Software and Affected Versions: Trend Micro Antivirus One versions 3.10.4 and below Consumer Description: The issue is related to insufficient access control, which could allow an attacker to gain unauthorized access to protected information. This could permit arbitrary...

CVE-2024-3724

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied...

WordPress plugin Happy Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Incorrect Authorization to Information Exposure vulnerability

Incorrect Authorization to Information Exposure vulnerability discovered by Lucio Sá in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...