20 matches found

RedhatCVE
added 2026/06/05 7:44 p.m., 11 views

CVE-2026-39052

Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.runString expression, String type, Map context evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions...

CVSS 6.5 | AI score 6 | EPSS 0.00319
Exploits 0 | References 1
Snyk
added 2026/04/24 4:2 p.m., 4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the POST /prompts/test endpoint, which accepts user-supplied prompt templates and renders them...

CVSS 8.8 | AI score 6.2 | EPSS 0.00324
Exploits 1 | References 2
CNNVD
added 2026/04/21 12:0 a.m., 7 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from the use of the heartbeat context inheritance and the senderIsOwner parameter, which could allow bypassi...

CVSS 9.9 | AI score 5.8 | EPSS 0.00298
Exploits 0 | References 1
CNNVD
added 2026/04/03 12:0 a.m., 8 views

PraisonAI security vulnerability

PraisonAI is a low-code multi-agent collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...

CVSS 10 | AI score 6 | EPSS 0.00707
Exploits 1 | References 1
Veracode
added 2026/03/21 5:26 a.m., 5 views

Unauthenticated Remote Code Execution In Langflow Via Public Flow Build Endpoint

Summary The "POST /api/v1/buildpublictmp/flowid/flow" endpoint allows building public flows without requiring authentication. When the optional "data" parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored...

CVSS 9.8 | AI score 8 | EPSS 0.99968
Exploits 48 | Affected Software 1
Positive Technologies
added 2026/03/16 12:0 a.m., 5 views

PT-2026-25688

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

CVSS 8.6 | AI score 6 | EPSS 0.00477
Exploits 0 | References 2
OSV
added 2026/01/15 2:42 p.m., 5 views

USN-7965-1 simgear vulnerability

It was discovered that SimGear could be made to bypass the sandboxing of Nasal scripts. An attacker could possibly use this issue to execute arbitrary code...

CVSS 9.9 | AI score 5.8 | EPSS 0.00342
Exploits 0 | References 2
NVD
added 2025/11/13 4:15 p.m., 10 views

CVE-2025-64511

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue...

CVSS 8.8 | EPSS 0.00179
Exploits 0 | References 1
GithubExploit
added 2025/09/26 2:8 a.m., 267 views

Exploit for CVE-2025-6384

CrafterCMS Groovy RCE -...

CVSS 7.3 | AI score 7 | EPSS 0.00859
Exploits 1
CNNVD
added 2025/05/12 12:0 a.m., 4 views

Apple macOS security vulnerability

Apple macOS is a suite of specialized operating systems from the U.S.-based Apple Inc. developed specifically for Mac computers. A security vulnerability exists in Apple macOS that stems from insufficient logic and could cause an application to break through sandboxing restrictions...

CVSS 6.3 | AI score 6.2 | EPSS 0.00147
Exploits 0 | References 2
OSV
added 2025/01/28 5:15 p.m., 3 views

UBUNTU-CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...

CVSS 9.9 | AI score 5.8 | EPSS 0.00342
Exploits 0 | References 3
OSV
added 2025/01/28 4:34 p.m., 8 views

CVE-2025-0781 Incorrect Authorization in SimGear

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...

CVSS 8.6 | AI score 8.3 | EPSS 0.00342
Exploits 0 | References 7
CNNVD
added 2024/07/29 12:0 a.m., 3 views

Apple macOS security vulnerability

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Monterey versions prior to 12.7.6 that stems from a third-party application extension that may not be properly sandboxed...

CVSS 8.4 | AI score 6.2 | EPSS 0.00229
Exploits 0 | References 4
CNNVD
added 2021/08/24 12:0 a.m., 3 views

Apple macOS Big Sur permissions, privileges, and access control vulnerability

Apple macOS Big Sur is a mobile application app from Apple, Inc. Apple macOS Big Sur suffers from a privilege-granting and access-control issue vulnerability that stems from malicious OSAX script additions that could bypass Gatekeeper checks and circumvent sandboxing restrictions...

CVSS 8.6 | AI score 8.1 | EPSS 0.01801
Exploits 0 | References 8
CNVD
added 2020/11/05 12:0 a.m., 1 views

Apple macOS Mojave input validation error vulnerability (CNVD-2020-65930)

Apple macOS Mojave is a specialized operating system developed by Apple for Mac computers. Apple macOS Mojave has a security vulnerability that can be exploited by attackers to bypass sandboxing restrictions...

CVSS 7.5 | AI score 6.7 | EPSS 0.00801
Exploits 0 | References 1
CNVD
added 2020/05/08 12:0 a.m., 5 views

Mozilla Firefox and Firefox ESR Input Validation Error Vulnerability (CNVD-2020-54930)

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox ESR versions prior to 68.8 an...

CVSS 10 | AI score 8.3 | EPSS 0.02714
Exploits 0 | References 1
CNVD
added 2019/11/06 12:0 a.m., 3 views

Unspecified Vulnerability in Apple iOS WebKit Component

Apple iOS is an operating system developed by Apple for mobile devices, of which WebKit is a component of the Web browser engine. A security vulnerability exists in the WebKit component in versions of Apple iOS prior to 13, which can be exploited by attackers to violate iframe sandboxing policies...

CVSS 6.1 | AI score 8.5 | EPSS 0.00991
Exploits 0 | References 1
Debian CVE
added 2019/07/23 1:18 p.m., 35 views

CVE-2019-11716

Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes t...

CVSS 8.3 | AI score 9.4 | EPSS 0.01354
Exploits 0
Debian
added 2016/09/25 9:50 a.m., 30 views

[SECURITY] [DSA 3677-1] libarchive security update

Debian Security Advisory DSA-3677-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2016 https://www.debian.org/security/faq -...

CVSS 8.6 | AI score 7.8 | EPSS 0.06251
Exploits 1
OpenVAS
added 2015/02/26 12:0 a.m., 30 views

Ubuntu: Security Advisory (USN-2505-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 9.8 | EPSS 0.06029
Exploits 0 | References 2