Lucene search
K

870 matches found

OSV
OSV
added 2026/05/08 4:20 p.m.24 views

GHSA-9VG3-4RFJ-WGCM vm2 has Sandbox Breakout Through Null Proto Exception

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details In handleException due to // SECURITY post-GHSA-mpf8 hardening: use from not ensureThis exceptions with a...

9.8CVSS6.4AI score0.00812EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/08 4:20 p.m.12 views

vm2 has Sandbox Breakout Through Null Proto Exception

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details In handleException due to // SECURITY post-GHSA-mpf8 hardening: use from not ensureThis exceptions with a...

9.8CVSS6.4AI score0.00812EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/08 4:16 p.m.14 views

CVE-2026-41591

Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a or tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowercase casing. An attacker...

6.4CVSS0.00195EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/08 3:58 p.m.19 views

NPM: vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`

NPM: vm2 has sandbox breakout via neutralizeArraySpeciesBatch vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.1...

9.8CVSS6AI score0.00851EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/08 3:58 p.m.62 views

GHSA-9QJ6-QJGG-37QQ vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this...

9.8CVSS6.4AI score0.00851EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39191

Name of the Vulnerable Software and Affected Versions VM2 affected versions not specified Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. The issue occurs because the neutralizeArraySpeciesBatch function interacts with objects from an external...

10CVSS6.5AI score0.00851EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.21 views

PT-2026-39192

Name of the Vulnerable Software and Affected Versions VM2 affected versions not specified Description A sandbox breakout allows attackers to write code that escapes the VM2 sandbox to execute arbitrary commands on the host system. This occurs in the handleException function where exceptions with ...

10CVSS6.3AI score0.00812EPSS
Exploits1References13
Patchstack
Patchstack
added 2026/05/05 4:33 p.m.13 views

NPM: VM2 Has Sandbox Breakout Through Inspect Function

NPM: VM2 Has Sandbox Breakout Through Inspect Function vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.3...

9.8CVSS6AI score0.01186EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/05/05 4:33 p.m.6 views

GHSA-V37H-5MFM-C47C VM2 Has Sandbox Breakout Through Inspect Function

Summary VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The node inspect method allows to log details of objects. To get to the...

9.8CVSS6.2AI score0.01186EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/05/05 4:33 p.m.9 views

VM2 Has Sandbox Breakout Through Inspect Function

Summary VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The node inspect method allows to log details of objects. To get to the...

9.8CVSS6.2AI score0.01186EPSS
Exploits1References7Affected Software1
Patchstack
Patchstack
added 2026/05/05 4:23 p.m.15 views

NPM: VM2 Has Sandbox Breakout Through Promise Species

NPM: VM2 Has Sandbox Breakout Through Promise Species vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.3...

9.8CVSS6AI score0.00896EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/05/04 5:16 p.m.35 views

CVE-2026-24118

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...

9.8CVSS0.00917EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/05/04 4:33 p.m.3 views

CVE-2026-24781 vm2: Sandbox Breakout Through Inspect

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

9.8CVSS6.1AI score0.01186EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:33 p.m.3 views

CVE-2026-24781

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

9.8CVSS6.1AI score0.01186EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/05/04 4:33 p.m.52 views

CVE-2026-24781 vm2: Sandbox Breakout Through Inspect

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

9.8CVSS0.01186EPSS
Exploits1References5
CVE
CVE
added 2026/05/04 4:33 p.m.37 views

CVE-2026-24781

vm2 is an open source Node.js sandbox; prior to version 3.11.0 it suffers a sandbox breakout through the inspect function that allows code to escape the VM2 sandbox and run arbitrary host commands. The issue has been fixed in version 3.11.0. Affected: vm2 (Node.js VM2 sandbox); root cause: sandbo...

9.8CVSS6.1AI score0.01186EPSS
Exploits1References10Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 4:28 p.m.9 views

CVE-2026-24118 VM2 Sandbox Breakout Through __lookupGetter__

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...

9.8CVSS6.1AI score0.00917EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:28 p.m.4 views

CVE-2026-24118

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...

9.8CVSS6.1AI score0.00917EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/05/04 4:28 p.m.8 views

EUVD-2026-26984

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...

9.8CVSS6.1AI score0.00917EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/04 4:28 p.m.58 views

CVE-2026-24118 VM2 Sandbox Breakout Through __lookupGetter__

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...

9.8CVSS0.00917EPSS
Exploits1References4
Rows per page
Query Builder