Lucene search
K

88 matches found

Github Security Blog
Github Security Blog
added 2026/05/05 4:23 p.m.10 views

VM2 Has Sandbox Breakout Through Promise Species

Summary The fix for https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The fix for...

9.8CVSS6.5AI score0.00896EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/04 6:27 p.m.9 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the vm2.run function. An attacker can execute arbitrary commands on the host system by escaping the sandbox...

9.8CVSS6.3AI score0.00921EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 6:27 p.m.9 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the vm2.run function. An attacker can execute arbitrary commands on the host system by escaping the...

9.8CVSS6.3AI score0.00921EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/14 6:30 p.m.4 views

EUVD-2026-22676

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal...

9.3CVSS6.4AI score0.00209EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.4 views

CVE-2026-20941

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS6.8AI score0.00463EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 6:16 p.m.4 views

CVE-2026-20941

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.00463EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 6:16 p.m.4 views

CVE-2026-20941

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00463EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/13 5:57 p.m.3 views

CVE-2026-20941

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS5.5AI score0.00463EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichment
added 2026/01/13 5:57 p.m.9 views

CVE-2026-20941 Host Process for Windows Tasks Elevation of Privilege Vulnerability

...

7.8CVSS6.6AI score0.00463EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 5:57 p.m.33 views

CVE-2026-20941

CVE-2026-20941 describes an elevation-of-privilege in the Windows Host Process for Windows Tasks caused by improper link resolution before file access (link following). The issue is local and affects Windows client/server platforms as scoped by the January 2026 updates. Microsoft lists fixes in K...

7.8CVSS6.5AI score0.00463EPSS
Exploits0References1Affected Software3
Microsoft CVE
Microsoft CVE
added 2026/01/13 4:0 p.m.11 views

Host Process for Windows Tasks Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS6.9AI score0.00463EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.6 views

PT-2026-2743

Name of the Vulnerable Software and Affected Versions Host Process for Windows Tasks affected versions not specified Description An issue with how links are handled before accessing files 'link following' in Host Process for Windows Tasks can allow a local attacker with authorization to gain high...

7.8CVSS6.2AI score0.00463EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.5 views

CVE-2019-20175

An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 the size...

7.5CVSS6.5AI score0.03355EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/12 6:1 p.m.5 views

CVE-2025-60710

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.04601EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 6:15 p.m.3 views

CVE-2025-60710

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.04601EPSS
Exploits0References3
NVD
NVD
added 2025/11/11 6:15 p.m.3 views

CVE-2025-60710

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS0.04601EPSS
Exploits0References4
CVE
CVE
added 2025/11/11 5:59 p.m.111 views

CVE-2025-60710

CVE-2025-60710 is a Windows privilege-escalation vulnerability in the Host Process for Windows Tasks caused by improper link resolution before file access (link following). The CVE entry notes local abuse by an authorized attacker and a high impact (C:H, I:H, A:H) with local attack vector and no ...

7.8CVSS5.3AI score0.04601EPSS
In wildExploits0References4Affected Software3
Cvelist
Cvelist
added 2025/11/11 5:59 p.m.260 views

CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability

...

7.8CVSS0.04601EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/11/11 5:59 p.m.5 views

CVE-2025-60710

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS5.5AI score0.04601EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichment
added 2025/11/11 5:59 p.m.1 views

CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability

...

7.8CVSS6.6AI score0.04601EPSS
Exploits0References1
Rows per page
Query Builder