16 matches found
CVE-2026-44006
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0...
ROOT-APP-NPM-CVE-2026-44006 CVE-2026-44006 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-44006 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
CVE-2026-44006 vm2: Sandbox Escape
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0...
CVE-2026-44006
vm2 (Node.js sandbox) contains a code execution risk via a vulnerability in BaseHandler.getPrototypeOf that can enable sandbox escape and remote code execution. The CVE-2026-44006 flaw affects versions up to 3.10.x and is fixed in 3.11.0. Exploitation relies on reaching BaseHandler.getPrototypeOf...
org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-44006 via org.webjars.npm:vm2 (=3.9.19)
org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted:
- org.webjars.npm:degenerator =4.0.4
- org.webjars.npm:pac-resolver =6.0.2
- org.webjars.npm:rocket.chatapps-engine =1.35...
CVE-2026-44006
creationtimestamp| type| source
---|---|---
2026-05-01 20:40:54+00:00| published-proof-of-concept| https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8
2026-05-13 21:49:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlrbtta76z2i
2026-05-18 14:18:11+00:00|...
CVE-2025-44006
creationtimestamp| type| source
---|---|---
2025-10-03 19:05:13+00:00| seen| Telegram/nqaEKU5EggBrZJDDOna9LL5atWxT5Z8XDo1W9urVtcBOCEc...
CVE-2024-44006
Missing Authorization vulnerability in Amir Helzer WooCommerce Multilingual & Multicurrency woocommerce-multilingual. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through <= 5.3.6...
CVE-2022-44006
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by...
CVE-2024-44006
creationtimestamp| type| source
---|---|---
2024-11-01 17:01:23+00:00| seen| https://t.me/cvedetector/9601...
WordPress WooCommerce Multilingual & Multicurrency Plugin <= 5.3.6 is vulnerable to Broken Access Control
Software: WooCommerce Multilingual & Multicurrency
Type: Plugin
Vulnerable versions: <= 5.3.6
Fixed in: 5.3.7
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-44006
Patch priority: Low
CVSS severity: Low 4.3
PSID: 5e4519a377a3
Credits: Rafi...
CVE-2022-44006
creationtimestamp| type| source
---|---|---
2022-11-17 15:58:42+00:00| seen| https://t.me/cibsecurity/53049...
CVE-2022-44006
BACKCLICK Professional 5.9.63 is affected by a flaw in upload filename validation/sanitization, allowing an externally reachable, unauthenticated update function to write files outside the intended location. This can lead to remote code execution by uploading a malicious executable. The issue is ...
CVE-2022-44006
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by...
CVE-2022-44006
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by...
CVE-2021-44006
CVE-2021-44006 affects Siemens JT2Go and Teamcenter Visualization (all versions before 13.2.0.5). The vulnerability is in the Tiff_Loader.dll, causing an out-of-bounds write past the end of an allocated structure while parsing specially crafted TIFF files, which could allow code execution in the ...