88 matches found
VM2 Has Sandbox Breakout Through Promise Species
Summary The fix for https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The fix for...
Arbitrary Code Injection
Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the vm2.run function. An attacker can execute arbitrary commands on the host system by escaping the sandbox...
Arbitrary Code Injection
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the vm2.run function. An attacker can execute arbitrary commands on the host system by escaping the...
EUVD-2026-22676
Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal...
CVE-2026-20941
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
CVE-2026-20941
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
CVE-2026-20941
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
CVE-2026-20941
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
CVE-2026-20941 Host Process for Windows Tasks Elevation of Privilege Vulnerability
...
CVE-2026-20941
CVE-2026-20941 describes an elevation-of-privilege in the Windows Host Process for Windows Tasks caused by improper link resolution before file access (link following). The issue is local and affects Windows client/server platforms as scoped by the January 2026 updates. Microsoft lists fixes in K...
Host Process for Windows Tasks Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
PT-2026-2743
Name of the Vulnerable Software and Affected Versions Host Process for Windows Tasks affected versions not specified Description An issue with how links are handled before accessing files 'link following' in Host Process for Windows Tasks can allow a local attacker with authorization to gain high...
CVE-2019-20175
An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 the size...
CVE-2025-60710
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
CVE-2025-60710
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
CVE-2025-60710
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
CVE-2025-60710
CVE-2025-60710 is a Windows privilege-escalation vulnerability in the Host Process for Windows Tasks caused by improper link resolution before file access (link following). The CVE entry notes local abuse by an authorized attacker and a high impact (C:H, I:H, A:H) with local attack vector and no ...
CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability
...
CVE-2025-60710
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability
...