
32 matches found

RedhatCVE
added 2026/05/14 7:58 p.m. · 6 views

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

CVSS 9.3 · AI score 5.9 · EPSS 0.00357
Exploits: 0 · References: 1
Tenable Nessus
added 2026/05/09 12:00 a.m. · 3 views

Unity Linux 20.1050e / 20.1070e Security Update: python-jinja2 (UTSA-2026-017331)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017331 advisory. Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that...

CVSS 7.8 · AI score 7.3 · EPSS 0.00496
Exploits: 0 · References: 4
ATTACKERKB
added 2026/05/08 3:25 a.m. · 3 views

CVE-2026-41900

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

CVSS 8.8 · AI score 6.5 · EPSS 0.0091
Exploits: 1 · References: 4 · Affected Software: 1
AstraLinux
added 2026/05/03 11:59 p.m. · 5 views

Astra Linux – Vulnerability in Jinja2

Jinja is an extensible templating engine. Prior to version 3.1.6, there was a flaw in how the Jinja sandbox environment interacted with the |attr filter, allowing an attacker who controls the content of a template to execute arbitrary Python code. To exploit this vulnerability, an attacker needed...

CVSS 8.8 · AI score 7.5 · EPSS 0.00465
Exploits: 0 · References: 2
CNNVD
added 2026/04/23 12:00 a.m. · 5 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a check-time-based flaw in sandbox file operations, allowing attackers to bypass defenses based on file...

CVSS 5 · AI score 5.8 · EPSS 0.00088
Exploits: 0 · References: 1
OSV
added 2026/04/14 1:10 p.m. · 6 views

JLSEC-2026-99

Deno =1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory...

CVSS 8.4 · AI score 7.2 · EPSS 0.00382
Exploits: 1 · References: 4
CNNVD
added 2026/04/10 12:00 a.m. · 4 views

OpenClaw Path Traversal Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained a path traversal vulnerability. This vulnerability stemmed from the use of path traversal in sandbox enforcement, allowing the sandboxed agent to read any file...

CVSS 7.7 · AI score 5.8 · EPSS 0.00382
Exploits: 1 · References: 2
OSV
added 2026/04/08 12:16 a.m. · 2 views

GHSA-7853-GQQM-VCWX openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools

Affected: openclaw-claude-bridge v1.1.0. Issue: v1.1.0 spawns the Claude Code CLI subprocess with --allowed-tools "" and the release notes + README claim this "disables all CLI tools" for sandboxing. This claim is incorrect. Per the Claude Code CLI documentation, --allowed-tools (alias --allowedTools)...

AI score 6.1
Exploits: 0 · References: 4
NVD
added 2026/03/26 2:16 p.m. · 3 views

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (ProjectMember) can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9 · EPSS 0.00832
Exploits: 1 · References: 2
CNNVD
added 2025/09/22 12:00 a.m. · 2 views

OpenAI Codex CLI Input Validation Error Vulnerability

OpenAI Codex CLI is an open-source lightweight coding agent from OpenAI that runs in the terminal. An input validation error vulnerability exists in OpenAI Codex CLI versions 0.2.0 through 0.38.0, which stems from an error in the sandbox configuration logic and could lead to arbitrary file...

CVSS 8.6 · AI score 7 · EPSS 0.00691
Exploits: 1 · References: 4
OpenVAS
added 2025/08/12 12:00 a.m. · 4 views

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1966)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 · AI score 8.1 · EPSS 0.00465
Exploits: 0 · References: 2
Positive Technologies
added 2025/04/30 12:00 a.m. · 3 views

PT-2025-18324 · Tesla · Tesla Model S

Name of the Vulnerable Software and Affected Versions: Tesla Model S (affected versions not specified). Description: This issue allows local attackers to escape the sandbox on affected Tesla Model S vehicles. To exploit this, an attacker must first obtain the ability to execute code within the sandb...

CVSS 7 · AI score 6.8 · EPSS 0.00142
Exploits: 0 · References: 5
RedHat Linux
added 2025/03/27 6:40 p.m. · 1 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

CVSS 8.8 · AI score 7.6 · EPSS 0.00465
Exploits: 0 · References: 6
RedHat Linux
added 2025/02/04 8:39 a.m. · 5 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

CVSS 7.8 · AI score 7.5 · EPSS 0.00496
Exploits: 0 · References: 7
RedHat Linux
added 2025/01/28 4:59 a.m. · 4 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

CVSS 7.8 · AI score 7.5 · EPSS 0.00496
Exploits: 0 · References: 7
Snyk
added 2024/12/23 4:40 p.m. · 1 views

Template Injection

Overview: Affected versions of this package are vulnerable to Template Injection when an attacker controls the content of a template. This is due to an oversight in the sandboxed environment's method detection when using a stored reference to a malicious string's format method, which can then be...

CVSS 8.1 · AI score 7 · EPSS 0.00496
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/05 12:00 a.m. · 2 views

PT-2024-34887 · Cap-Std +1 · Cap-Std +2

Name of the Vulnerable Software and Affected Versions: cap-std versions prior to 3.4.1; cap-primitives versions prior to 3.4.1; cap-async-std versions prior to 3.4.1. Description: The cap-std project's filesystem sandbox implementation on Windows has a flaw that allows untrusted filesystem paths to...

CVSS 2.3 · AI score 6.9 · EPSS 0.0056
Exploits: 0 · References: 12
OSV
added 2024/05/03 3:15 a.m. · 1 views

CVE-2023-42124

Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on t...

CVSS 7.8 · AI score 6.2 · EPSS 0.00278
Exploits: 0 · References: 1
RedHat Linux
added 2023/12/12 10:59 a.m. · 1 views

tracker-miners: sandbox escape

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...

CVSS 7.7 · AI score 5.9 · EPSS 0.0086
Exploits: 1 · References: 4
Positive Technologies
added 2023/04/04 12:00 a.m. · 1 views

PT-2023-4146 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 112.0.5615.49. Description: The issue is related to inadequate access control in the Sandbox component of Google Chrome, which can be exploited by a remote attacker to gain unauthorized access to sensitive...

CVSS 10 · AI score 7.9 · EPSS 0.01077
Exploits: 2 · References: 45