CVE-2026-32723

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVE-2026-32723

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVE-2026-32723

SandboxJS (affected: SandboxJS) prior to 0.8.35 suffers an execution-quota bypass due to a race condition on the global currentTicks.current shared state across concurrent sandboxes. Timer handlers are compiled at execution time using the global tick state rather than the scheduling sandbox’s tic...

CVE-2026-32723 SandboxJS timers have an execution-quota bypass (cross-sandbox currentTicks race)

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVE-2026-23245

In the Linux kernel, the following vulnerability has been resolved: net/sched: actgate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

This module provides a site administrator the ability to log users out after a specified time of inactivity. The module doesn't sufficiently protect its routes from cross-site request forgery CSRF, allowing the logout route to be triggered without user interaction...

SandboxJS 竞争条件问题漏洞

SandboxJS is a security assessment tool developed by nyariv’s individual developer. Versions of SandboxJS prior to 0.8.35 contained a race condition vulnerability. This vulnerability stemmed from a timer’s execution quota bypass issue, which could allow, in multi-tenant scenarios, timer callbacks...

SUSE-SU-2026:0902-1 Security update for freerdp

This update for freerdp fixes the following issue: - CVE-2026-24491: Heap-use-after-free in videotimer additional fix bsc1257981...

SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

GHSA-7P5M-XRH7-769R SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

PT-2026-25822

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

SUSE-SU-2026:20720-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpicmpui bsc1254992. - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm...

CLSA-2026-1773043650 kernel: Fix of 10 CVEs

ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer CVE-2023-53395 - net: ppp: Add bound checking for skb data on pppsynctxmung CVE-2025-37749 - ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS CVE-2022-50315 - ext2: Check block size validity during mount CVE-2023-53569 - gfs2: Fix possible data races...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005719)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005719 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...

SUSE SLED15 / SLES15 Security Update : freerdp (SUSE-SU-2026:0763-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0763-1 advisory. - CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. - CVE-2026-24675: heap-use-after-free in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005601)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005601 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...

SUSE SLES15 Security Update : freerdp (SUSE-SU-2026:0621-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0621-1 advisory. - CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. - CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. -...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005798)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005798 advisory. In the Linux kernel, the following vulnerability has been resolved: media: netupunidvb: fix use-after-free at deltimer When Universal DVB card is detaching,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005785)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005785 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconfmodrstimer, reference...

SUSE-SU-2026:20635-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: - CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel bsc1249205. - CVE-2025-39698: iouring/futex: ensure iofutexwait...