Arbitrary Code Injection

Enclave is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper enforcement of security boundaries in @enclave-vm/core, allowing attackers to escape the JavaScript sandbox environment and achieve arbitrary code execution on the host system...

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to bypass a security feature locally...

CVE-2026-27597

Summary: CVE-2026-27597 affects Enclave’s secure JavaScript sandbox with a vulnerability in the @enclave-vm/core boundaries prior to 2.11.1, allowing an attacker to escape the sandbox and achieve remote code execution. The issue is mitigated by upgrading to version 2.11.1, where the boundary esca...

CVE-2026-20935

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an unauthorized attacker to disclose information locally...

CVE-2026-20938

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to disclose information locally...

Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an unauthorized attacker to disclose information locally...

Microsoft Windows Virtualization-Based Security Enclave 安全漏洞

Microsoft Windows Virtualization-Based Security Enclave Microsoft Windows VBS Enclave is a software-based trusted execution environment in the address space of host applications from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Virtualization-Based Security...

CVE-2025-53717

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

Exploit for CVE-2023-36880

Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. It is a PoC exploit for CVE-2023-36880. The code performs the following steps: 1. Loads a vulnerable version of the "prefsenclavex64.dll" enclave 2. Call the vulnerable "SealSettings"...

CVE-2024-49076

Windows Virtualization-Based Security VBS Enclave Elevation of Privilege Vulnerability...

Google Asylo 安全漏洞

Google Asylo is a framework for the development of trusted applications from Google USA. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in asylo that stems from the ability to modify...

Google Asylo Buffer Error Vulnerability

Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in Google Asylo version 0.6.0 and...