ROOT-APP-NPM-CVE-2026-44003 CVE-2026-44003 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-44003 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

CVE-2026-44003

vm2 (Node.js sandbox) prior to version 3.11.0 includes a transformer fast-path that bypasses AST analysis when code does not contain catch, import, or async, allowing sandboxed code to access internal state VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL and its security helpers (handleExcepti...

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-44003 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +16 more potentially affected by CVE-2026-44003 via vm2 (>=3.0.0 <=3.11.1)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =1.0.0-beta.1, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.72.3 and more Source cves: CVE-2026-44003 Source advisory: SNYK:JS-VM2-16624522...

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +16 more potentially affected by CVE-2026-44003 via vm2 (>=3.0.0 <=3.10.5)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =1.0.0-beta.1, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.72.1 and more Source cves: CVE-2026-44003 Source advisory: SNYK:JS-VM2-16439008...

CVE-2026-44003

creationtimestamp| type| source ---|---|--- 2026-05-01 20:44:52+00:00| published-proof-of-concept| https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7...

MAL-2025-44003 Malicious code in dewi-nasi9-kyuki (npm)

The package dewi-nasi9-kyuki was found to contain malicious code...

CVE-2025-44003

Missing Release of Resource after Effective Lifetime CWE-772 in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a...

CVE-2025-44003

creationtimestamp| type| source ---|---|--- 2025-07-10 11:56:24+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114828809599813642...

CVE-2025-44003

Missing Release of Resource after Effective Lifetime CWE-772 in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a...

CVE-2025-44003

CVE-2025-44003 affects Gallagher T-Series Reader. A CWE-772 resource leak in the reader allows a limited denial of service when 125 kHz Card Technology is enabled, exploitable by someone with physical access. Affected versions include: prior to 9.20.250213a, prior to 9.10.250213a, prior to 9.00.2...

CVE-2025-44003

Missing Release of Resource after Effective Lifetime CWE-772 in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a...

CVE-2024-44003

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in spicethemes Spice Starter Sites spice-starter-sites allows Reflected XSS.This issue affects Spice Starter Sites: from n/a through = 1.2.5...

CVE-2024-44003

creationtimestamp| type| source ---|---|--- 2024-09-18 03:19:47+00:00| seen| https://t.me/cvedetector/5883...

CVE-2024-44003

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in spicethemes Spice Starter Sites spice-starter-sites allows Reflected XSS.This issue affects Spice Starter Sites: from n/a through = 1.2.5...

CVE-2024-44003

CVE-2024-44003 describes a Reflected Cross‑Site Scripting vulnerability in the WordPress plugin Spice Starter Sites . Affected versions are

CVE-2024-44003 WordPress Spice Starter Sites plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in spicethemes Spice Starter Sites allows Reflected XSS.This issue affects Spice Starter Sites: from n/a through 1.2.5...

CVE-2024-44003 WordPress Spice Starter Sites plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in spicethemes Spice Starter Sites spice-starter-sites allows Reflected XSS.This issue affects Spice Starter Sites: from n/a through = 1.2.5...

WordPress Spice Starter Sites Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Spice Starter Sites Type Plugin Vulnerable versions = 1.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44003 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d2624fbd2e7 Credits Le Ngoc Anh Required privilege...

CVE-2022-44003

creationtimestamp| type| source ---|---|--- 2022-11-17 16:01:53+00:00| seen| https://t.me/cibsecurity/53055 2025-04-30 14:13:02+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14036...